The Cloud Identity & Access Management for professional secrecy holders

The Professional secrecy holders and Identity & Access Management

In this blog, we will take a closer look at a special professional group – the professional secrecy holders – and what special requirements they have for Identity & Access Management.

What are persons subject to professional secrecy? – From doctors to lawyers and journalists!

Professional secrecy holders are a special group of professionals who are subject to a legal duty of confidentiality and are therefore not allowed to disclose entrusted secrets to third parties. This professional group includes, for example, doctors, lawyers, or journalists, that doctors have to particularly protect the data of their patients, or lawyers the data of their clients. The protection of these data and secrets is essential in that they are highly private secrets and information, such as a person’s health, in the case of a doctor or psychologist. These special obligations to protect the data of professional secrecy holders are regulated in Germany under Section 203 of the German Criminal Code (StGB).

The advantages of the cloud now also for those subject to professional secrecy!

Until the new regulation of Section 203 of the Criminal Code (StGB) in 2017, the use of cloud services for those subject to professional secrecy was practically impossible or only possible to a very limited extent. As a result of the new regulations, this particular professional group can now also use cloud services more easily and benefit from the associated advantages. It is important that an additional agreement on the protection of secrets in accordance with Section 203 of the German Criminal Code (StGB) is signed with the cloud provider. With this agreement, the cloud provider assures the professional secrecy holder of the secrecy of the data and the fulfillment of the obligations in accordance with Section 203 of the German Criminal Code (StGB), so that the professional secrecy holder can use the cloud provider’s offer without hesitation and with legal protection.
Accompanying this supplementary agreement, there are various framework conditions that need to be taken into account with a cloud provider. Starting with IT security to GDPR compliance, cloud providers should be well positioned. Therefore, providers from Germany or Europe, who understand the legal peculiarities and can offer corresponding contractual framework conditions, including the additional agreements mentioned, are particularly suitable.

cidaas as a cloud provider for persons subject to professional secrecy

With cidaas, we offer the leading European Cloud Identity & Access Management and a feature-complete, out-of-the-box solution for a unified identity across all channels. In doing so, we place a major focus on the areas of IT security, as well as regulatory compliance with GDPR conformity and the fulfillment of special regulatory requirements, e.g., Money Laundering Act (GWG) in the financial sector or in the environment of professional secrecy. In addition to certifications such as ISO27001 or Software Hosted in Germany, we rely on a German or European data center infrastructure where, in addition to our own data centers, we work very closely with the Open Telekom Cloud. The Open Telekom Cloud also knows and takes into account the various regulatory requirements, including those subject to professional secrecy (more about the professional secrecy holders at the Open Telekom Cloud)

With cidaas, those subject to professional secrecy have the right Cloud Identity & Access Management, which not only meets the legal requirements, but also contributes to increasing IT security. (Read more about how cidaas can increase security for companies in our blog: “Increase enterprise security with Identity & Access Management”).