The Code has been designed to define general requirements for the engagement of Cloud Service Providers (CSP) as processor under GDPR. Whilst the latest version of the Code has received official approval by the Belgian Data Protection Authority pursuant Article 40 GDPR and represents the core of a constantly growing and evolving ecosystem within the cloud and privacy communities.
As cloud computing is becoming business standard, CSPs but especially Cloud Customers are facing a steadily increasing amount of requirements. Ensuring compliance with contractual, European and international regulatory obligations easily reaches a significant level of complexity.
The EU Cloud CoC is willing to address the needs of such a changing environment. Where necessary, the Code shall be complemented by dedicated modules either extending or further detailing its requirements. By that, the Code will facilitate the engangement of CSPs in various contexts, such as health, finance, banking, and public services.
Following Schrems II (C-311/18), the General Assembly decided to first focus on a dedicated module upgrading the Code to a safeguard to transfer personal data to third countries, Article 46 GDPR. Learn more about this initiative by reading our press release.