Deep Dive into the Principles of the First Operational Transnational Code of Conduct – The EU Cloud CoC


Roughly one month ago, Selbstregulierung Informationswirtschaft e.V. (SRIW) published “GDPR’s 5th Anniversary Resumée - A practical resumée from a co-regulatory perspective, reflecting Codes of Conduct and Monitoring Bodies in particular”. As the first operational transnational Code of Conduct, the EU Code of Conduct for Cloud Service Providers (EU Cloud CoC) shares its real-life experience and the principles it has developed as part of the resumée.

Run by industry stakeholders, the EU Cloud CoC is an EDPB-endorsed and legally operational transnational Code of Conduct that provides explicit guidance for cloud service providers to effectively incorporate the obligations specified in Article 28 GDPR. Successfully going through the EU Cloud CoC assessment serves as proof of compliance towards Data Protection Supervisory Authorities and cloud users.

“[…] the EU Cloud CoC genuinely chose approaches which could be referred to a good practice for the development of Codes of Conduct in general […]”

The EU Cloud CoC foresees several principles that, as of today, might be considered good practices in the future. In other instances, real-life experience indicates which adapted approaches will likely become good practices. Two of these approaches are certainly the modularity of the Code and the principles of a monitoring framework within the Code itself.

Read the full publication here: “First operational transnational Code of Conduct – Deriving Good Practices from Real Life Lighthouses”.