Skip navigation

Moderated by

Samuel Stolton
Journalist and Editor, specialised in European politics and technology news

Agnieszka Bruyere
Vice-President | IBM Cloud, IBM EMEA

David Stevens
Chairman | Belgian Data Protection Authority 

Helmut Fallmann
Co-CEO & Co-Founder | Fabasoft
Co-Chair of the EU Cloud CoC General Assembly

Michał Paprocki
Chief Technology Officer | Euroclear 

Jonathan Sage
EU lead Government and Regulatory Affair | IBM
Chair of the EU Cloud CoC General Assembly

Jörn Wittmann
Managing Director | SCOPE Europe

Barbara Cosgrove
Vice President, Chief Privacy Officer | Workday

Matthias Cellarius
Head of SAP Data Protection & Privacy; Head of SAP Export Control | SAP

Karine Picard
Vice-President Business Development EMEA | Oracle 

Nathaly Rey
Head of Data Governance EMEA | Google Cloud

Peter Schaar
Former German Federal Commissioner for Data Protection and Freedom of Information

Jo Copping
Senior Director, Privacy EMEA | SalesForce

Moderated by

Gabriela Mercuri
Manager Public Policy & Economic Affairs | SCOPE Europe

Aliki Foinikopoulou
Director, EU Government Affairs and Public Policy | Salesforce

Hans Graux
Attorney-at-law and Partner | Time.lex

Corinna Schulze
Director, EU Government Affairs | SAP

Charlotte Thornby Nielsen
Head of EU Affairs, EMEA Senior Director Public Policy and Corporate Affairs | Oracle

Antoine Bon
Legal Advisor in Privacy and Data Protection | Belgian Data Protection Authority

Alkesh Haria
Regulatory, Compliance & Business Privacy Leader | IBM

Fabrizio Venturelli
Senior Director, Global DPO | Workday

Paul Breitbarth
Director EU Operations & Strategy | TrustArc and Nimity

Marc Crandall
Global Head of Privacy | Google Cloud

Cornelia Kutterer
Senior Director, Rule of Law & Responsible Tech, European Government Affairs | Microsoft

Lorena Marciano
Director Global Privacy & Data strategy | Cisco

General Session | 9.15 AM to 12.35 PM (CEST)

The General Session aims for introducing today's challenges for Cloud Computing, particularly in guaranteeing GDPR compliance. 

Different stakeholders will present their views, experience on and expectations for compliant Cloud Services. Alongside general matters this General Session will also touch upon co-regulatory frameworks such as Codes of Conduct as provided by Article 40 GDPR, highlighting the future and valuable role of initiatives such as the EU Cloud CoC.

Opening Statement | 9.15 AM (CEST)

The morning's General Session will be opened by Agniezka Bruyere, Vice-President IBM Cloud, IBM EMEA.

Vice-President of IBM Cloud EMEA, Agnieszka Bruyère, held the opening statement of the EU Cloud Compliance Summit 2021, announcing the approval of the EU Cloud CoC by the Belgian Data Protection Authority and the accreditation of SCOPE Europe as its monitoring body.

Bruyère gave us an insightful overview of the uniqueness and importance of the EU Cloud CoC and its approval. As she rightfully stressed, up to now, there was a lack of reliable and easy tool to assess the compliance of cloud computing services, which created uncertainty to Cloud Users as well as Cloud Service Providers. Ending this period, according to Bruyére, the 20th of May marked a milestone, which will change and build trust in the cloud computing industry.

Also providing interesting insights on the journey that leads to the approval of the EU Cloud CoC and the accreditation of SCOPE Europe, Agnieszka Bruyére underlined how proud she is of IBM, contributing to this important project and being part of this broad community.  

Watch the full statement above. 

Keynotes | 9.25 AM (CEST)


The Keynote speeches will be held by Former Vice President of the European Commission and Member of Salseforce's Non-Executive Board of Directors Neelie Kroes, Belgian Secretary of State for Digitisation Mathieu Michel, Chairman of the Belgian Data Protection Authority David Stevens, and  Director for the Future Networks Directorate, DG CONNECT, European Commission Pearse O'Donohue

Back in 2012, when serving as Vice President of the European Commission for digital agenda, Neelie Kroes and her team tabled the European Cloud Strategy, which was responsible for kickstarting the cooperation that led to the EU Cloud CoC. Against this background, Ms. Kroes emphasized the importance of reaching the approval of the first transnational code of conduct for the cloud industry.

According to Kroes, for many years the European market suffered from confusion and legal uncertainty and, in this context, the EU Cloud CoC puts forward a high-quality baseline which fosters the indispensable trust to significantly broaden the adoption of this key technology across Europe.

Watch the full statement above. 

Belgium State Secretary for Digitization delivered a powerful message while addressing the approval of the EU Cloud CoC and accreditation of SCOPE Europe. Mr. Michel congratulated all stakeholders involved and affirmed that this initiative attests to the potential of collaborations among the industry, public and regulatory authorities.

Furthermore, the Secretary stressed that given the complexity of data protection law and regulations, providing appropriate guidance to both controllers and processers is extremely important, especially for SMEs. In that regard, the EU Cloud CoC emerges as an important tool to guarantee that rules and obligations are clear, which supports the necessary building of trust, indispensable element for citizens to engage in the digital transformation.

Watch the full statement above.

After congratulating all those involved in the approval of the EU Cloud CoC and accreditation of SCOPE Europe, Mr. O’Donohue has rightfully emphasized the importance of this milestone to ensure the appropriate translation of GDPR principles into practical and workable tools.   

Furthermore, the Director Future Networks at DG Connect addressed the vital role of the industry in supporting the implementation of state-of-art data protection, especially within a highly innovative environment such as cloud computing. Moreover, he affirmed that the EU Cloud CoC is a baseline upon which future initiatives shall be built to continuously guarantee the meeting of European standards.

Watch the full statement above. 

Chairman of the Belgian Data Protection Authority, David Stevens, has joined two segments of the EU Cloud Compliance Summit. During his first intervention as a keynote speaker, he walked the audience through the reasons why the EU Cloud CoC become the very transnational code of conduct to be approved under GDPR and SCOPE Europe the first accredited monitoring body.

According to Mr. Stevens, the key elements that make this instrument unique consist of its broad scope – covering all cloud offerings from infrastructure, through software and platform services –, its open nature which ensures suitability for the overall cloud community, including SMEs, and finally the transparency provided by the Code’s structure.  

Watch the full statement above.

Membership Statements | 10.00 AM (CEST)

“The code sets forward clear actionable and verifiable controls to protect personal data in accordance with the EU standard of care. Adherence to the Code enables hundreds of millions of EU users to safely participate in digitalization, innovation and economic growth”.

We have been thrilled to see and contribute to this effort over the last 4 years […] we, as part of this announcement, are thrilled to share that we, ourselves at TrustArc, have made the EU Cloud CoC standards available within our platform and very specifically we are excited to share that our brain new data driven privacy management solution, called privacy central, has incorporated in the EU Cloud CoC”

“We are pleased that the EU Cloud CoC forges the high constant standard of data protection and the necessary room for continuous development and improvement in the cloud market. We look forward to working with all member partners for the joining efforts under the Eu Cloud CoC, it is our great honor to have this opportunity”. 

“This joined effort between public authorities and private companies will create transparency eliminate legal uncertainties and will establish an entirely new balance between interests of all involved parties in the cloud sector”.

“We appreciate the strong leadership by SCOPE Europe, we are proud to be part of this community which has not only invested a lot of time and resources in the development of the Code, but it is also working hard to develop sound and lasting solutions for the cloud market in Europe”.

The EU Cloud CoC is a huge leap forward towards transparency, accountability, efficiency and standardization in respect of privacy for all cloud service providers […] as comprehensible and reliable framework for GDPR compliance”.

“As cloud services has become increasingly integral to our daily lives […], we believe that codes of conduct serve a vital role in cloud service providers trust […] The EU Cloud Code of Conduct is key to demonstrate how cloud services providers can meet high data protection standards”.

“We have been a member of the EU Cloud CoC for several years and believe this is important for the fast-growing SME segment within the EU to show compliance […] we think the Code will help us to show trust, not only for organisations within the EU, but also for other organisations around the globe”.

“The ability to protect rights of millions of people by fostering an environment of innovation and growth has never been more urgent and the EU Cloud CoC is the combination of years of work and does exactly that”.

Panels | 10.30 AM to 12.35 PM (CEST)

Panel I | 10.30 AM (CEST)

Panel I will be convening key stakeholders responsible for the materialisation of the development of the EU Cloud CoC alongside representatives of major cloud users’ groups, namely the automotive and financial industries. 

This set up aims at putting forward a discussion on what are the main drivers of such co-regulatory initiatives as well as how each of those actors contributed to the optimisation of the design, negotiation, and implementation processes of the EU Cloud CoC. 

Oliver Draf
Chief Privacy Officer | Volkswagen Group

Panel II | 11.35 AM (CEST)

Panel II seeks to explore how the experience of contributing to the development as industry has concretely impacted Cloud Service Providers and their day-to-day activities, including their internal policies and compliance exercises, as well as their market and government relations.

Moreover, this round of discussion will bring one of the main creators of the monitoring concept behind the Code, Former German Federal Commissioner for Data Protection and Freedom of Information, Peter Schaar.

This set up aims at promoting a parallel between what has been primarily envisioned and the actual materialisation of this mechanism. In this context, CSPs will be able to present their concrete experiences when it comes to the ongoing due diligence put forward by the monitoring processes, besides sharing the overall benefits both membership and adherence can provide. 

12.35 to 1.00 PM (CEST)

Special Interest Session | 1.00 PM to 3.50 PM (CEST)

Afternoon's Special Interest Session aims to provide several deep-dives. Three Workshops will enlighten relevant aspects on developing Codes of Conduct and how to benefit as industry from such standards. Furthermore, there will be presentation how Codes of Conduct may become an entire ecosystem by extending their scope and added value by dedicated on-top modules. Last but not least, insights on the formal requirements regarding a Code's approval and a Monitoring Body's accreditation will be shared; this specific topic will be completed by first-hand information on how the EU Cloud CoC is being enforced and why rigoros scrutiny is even desirable and conducive for industry.

Workshop I - Membership, Benefits, and Marketing | 1.00 PM (CEST)

Workshop 1 seeks to promote an in-depth discussion on the path that led the EU Cloud CoC to reach its current state and value add, exploring the experiences of three CSPs that have been actively involved in the project alongside the angle of a legal expert who has contributed significantly to the very conception of the Code.

This approach aims at deep diving into the concrete experiences of these key players, discussing the overall benefits of engaging in this initiative while analysing how the particular structure and management system put forward by the EU Cloud CoC has impacted their internal procedures as well as external relations. 

Workshop II - Governance, Monitoring and Regulator's Perspective | 2.00 PM (CEST)

The main purpose of the EU Cloud CoC is to concretise the legal requirements of Art. 28 GDPR – and all relevant related Articles of the GDPR – for practical implementation within the cloud market. The Code’s structure consists of two main parts: the code text itself and an accompanying Controls Catalogue.

Giving this particular set-up, which puts forward high levels of legal certainty while fostering innovation and growth, this workshop aims at gathering the main stakeholders involved in this process – namely, the Belgian DPA, SCOPE Europe, and the industry. This group of experts will then discuss how GDPR provisions have been materialised over time though this initiative, the main challenges encountered throughout its development, besides exploring potential post-approval outcomes.

Frank Ingenrieth, LL.M.
Director Monitoring and Auditing, Legal Affairs | SCOPE Europe

Workshop III - Data Transfers and Other Additional Modules | 3.00 PM (CEST)

The EU Cloud CoC General Assembly started to work on an effective and yet accessible safeguard for third country transfers in the format of an on-top module to the Code.

The aim of this module is to create a robust, yet generic framework that can concomitantly guarantee that third country transfers can respond to the fast-paced dynamic of international markets and that data subjects are properly and uniformly protected in accordance with European standards.

This initiative is another testimony of how Codes of Conduct have the unparalleled potential to guarantee the enforcement of European standards while creating an appropriate environment for businesses to thrive.