Client separation makes it possible to map each client to a separate client on the same software system without the clients having mutual insight into their data. The separate processing of data collected for different purposes is a legal requirement, among others by the General Data Protection Regulation (GDPR).
Technically, client separation can be implemented by several measures (also in combination):
-
Separate data storage: Clients are separated at the database level, e.g. in the form of logical data separation.
-
Separate environments: Clients are mapped by different physical or virtual systems.
-
Client-specific encryption: The data is stored in encrypted form and the clients each receive an individual key. This method should be considered especially if there is a high need for protection.
-
Application-side separation: The clients are logically separated at the level of the programme code. However, the German Federal Office for Information Security does not consider this method to be sufficient.