Alibaba Cloud, Fabasoft, IBM, Oracle, Salesforce and SAP are founding members of the General Assembly of the EU Cloud Code of Conduct and support the role of the cloud computing industry in improving transparency and helping cloud customers understand how data protection issues are addressed by cloud service providers.
Cloud computing provides significant benefits to both public and private sector customers in terms of cost, flexibility, efficiency, security and scalability. However, cloud customers must be able to trust a Cloud Service Provider (CSP) before entrusting data and applications to it.
As representatives of European and multinational companies and organizations with significant involvement in cloud computing, our goal is to demonstrate to cloud customers, and assure them, that we are compliant with data protection laws and prepared for the General Data Protection Regulation (GDPR) coming into effect in May 2018. CSPs can demonstrate their capacity to comply with the Code across varying levels of proof and assurance.
Our Tool: The Code
The Code of Conduct was developed by the Cloud Select Industry Group (Data Protection Code of Conduct Subgroup) convened by the European Commission under the auspices of DG Connect and with the involvement and advice of DG Justice. Development of the Code was further informed by input from the Article 29 Working Party.
The EU Cloud Code of Conduct consists principally of a set of requirements for CSPs adhering to the Code, plus a governance structure that aims to support the effective and transparent implementation, management, and evolution of the Code.
The intention of the EU Cloud Code of Conduct is to make it easier for cloud customers (in particular small and medium enterprises and public entities) to determine whether particular cloud services are appropriate for their desired use.
In addition, the transparency created by the Code will contribute to an environment of trust and create a high default level of data protection in the European cloud computing market.
CSPs must ensure personal data is processed in accordance with the EU Data Protection Directive, its national transpositions and subsequent EU data protection laws, in particular the General Data Protection Regulation and any further European data protection legislation.
When adhering to the EU Cloud Code of Conduct, CSPs commit to the Code's requirements and practices. Consequently, cloud customers can be more confident of how the CSP has implemented data protection measures in compliance with applicable laws. CSPs whose adherence to the Code has been published in the public register may choose to publicly show their adherence by using the trusted EU Cloud Code of Conduct mark.