The topic of cloud computing became more important in the last few years, especially in relation to small enterprises, because they can benefit from the advantages of the Cloud, such as less investment in the own IT infrastructure. But the combination of BPM and Cloud Computing is only just beginning to develop. Although some companies offer Business Process Management in the Cloud and the market continues to grow, but the offer is relatively modest. The benefits of moving business processes into the cloud (such as BPMaaS) are the same as those which offers cloud computing in general. What need to be considered, however, is which data is to be outsourced in the cloud and which provider needs to be selected. In particular, data protection and data security play an important role in this topic. If german personal data are transferred into the cloud, the data must be treated in accordance with the German Federal Data Protection Act. The cloud computing user stays responsible for all content and data, even if this data will be stored on the provider’s server, so caution is also recommended in this case. Especially when these servers are outside of the European Economic Area, such as USA, because there consist a much lower level of data privacy protection than in Germany. The purpose of this diploma thesis is to explore these difficulties in relation to data protection and data security. By means of a catalog of criteria, the most important requirements and security criteria will be listed and compared with those of the provider. Against this background a number of possible opportunities for a concept of ’anonymization’ of data are considered, to secure that the data storage complies with legal requirements, such as the German Federal Data Protection Act. 4