EU Code of Conduct for Cloud Service Providers
- 42m
- Alan Calder
- IT Governance
- 2021
The EU Data Protection Code of Conduct for Cloud Service Providers - A guide to compliance
Formally founded in 2017, the EU Data Protection Code of Conduct for Cloud Service Providers (otherwise known as the EU Cloud Code of Conduct; the Code) is a voluntary code of conduct created specifically to support GDPR compliance within the B2B (business-to-business) Cloud industry. The EU Commission, the Article 29 Working Party (now the European Data Protection Board (EDPB)), the EU Directorate-General for Justice and Consumers, and Cloud-industry leaders have all contributed to its development, resulting in a robust framework that recognises the unique requirements of the Cloud industry.
Cloud providers must ensure that their services - which by design involve accessing and transferring data across the Internet, exposing it to far greater risk than data stored and processed within an organisation's internal network - meet or exceed the GDPR's requirements in order to provide the security and privacy that the market expects. Organisations can achieve this via compliance to the EU Cloud Code of Conduct.
The EU Cloud Code of Conduct has already been adopted by major Cloud service organisations, including:
- Microsoft;
- Oracle;
- Salesforce;
- IBM;
- Google Cloud;
- Dropbox; and
- Alibaba Cloud.
Public and business focus on information security and data protection continues to increase in the face of a constantly changing threat landscape and ever-more stringent regulation, and compliance to initiatives such as the EU Cloud Code of Conduct demonstrates to current and potential customers that your organisation is taking data privacy seriously, as well as strengthens your organisation's overall approach to information security management, and defences against data breaches.
The EU Data Protection Code of Conduct for Cloud Service Providers provides guidance on how to implement the Code within your organisation. It explores the objectives of the Code, and how compliance can be achieved with or without a pre-existing ISMS (information security management system) within the organisation.
In this Book
-
Data Protection Requirements
-
Security Requirements
-
Detailed Security Objectives
-
Transparency
-
Assessment and Certification
-
Conclusion