Skip navigation

Press Release: Workday Becomes First Cloud Service Provider to Demonstrate Adherence to EU Cloud Code of Conduct

EU Cloud CoC Press Release

Brussels, 9 August 2019 – The EU Cloud Code of Conduct (the Code or EU Cloud CoC) General Assembly’s Monitoring Body, SCOPE Europe, today announced that Workday – a leading provider of enterprise cloud applications for finance and human resources – is the first organization to adhere to the Code, which demonstrates a robust level of data protection and transparency and aligns with GDPR requirements.

The Monitoring Body is applying a strong set of principles and procedures under provisional assessments while the EU CoC General Assembly awaiting official approval by the supervisory authorities of the Code. Workday prioritized completion of these procedures to quickly achieve this inaugural milestone following the EU Cloud CoC General Assembly’s release of the finalized Code version in April 2019.

All declared Workday cloud services earned EU Cloud CoC verification following critical review and auditing processes to ensure compliance. The relevant cloud services are now listed in the Public Register, which also includes a public report that details the declaration of adherence. In accordance with the Code provisions, Workday will be required to re-confirm adherence on an annual basis.

Conducting the verification of compliance with the Code regarding the first services declared adherent has proven that both the material requirements of the Code and the formal procedures of its monitoring are feasible for cloud service providers – in tandem of course with the rigorous scrutiny by the Monitoring Body which is part of the process.

“This is another important milestone for the EU Cloud Code of Conduct and its General Assembly and is a testament to our commitment to upholding the highest standards of data privacy across borders. The assessment Workday successfully completed to demonstrate adherence to the Code has been conducted under a set of demanding requirements and conditions,“ said Jonathan Sage, Government and Regulatory Affairs Executive at IBM and Chairman of the EU Cloud CoC General Assembly.

“Data privacy is paramount to Workday, which is why we were one of the first companies to certify to both Privacy Shield and the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules and Privacy Rules for Processors. Being the first to adhere to the EU Cloud Code of Conduct is further proof of our continued commitment to global data protection,” said Barbara Cosgrove, vice president and chief privacy officer, Workday. “We value the leadership shown by SCOPE Europe and the EU Cloud CoC General Assembly and their efforts to ensure enterprise cloud service providers continue to uphold the highest standards of data protection.”