Alibaba Cloud, Fabasoft, IBM, Oracle, Salesforce and SAP are founding members of the General Assembly of the Cloud Code of Conduct and support the role of the cloud computing industry in improving transparency and helping cloud customers understand how data protection issues are addressed by cloud service providers.
Cloud computing provides significant benefits to both public and private sector customers in terms of cost, flexibility, efficiency, security and scalability. However, cloud customers must be able to trust a Cloud Service Provider (CSP) before entrusting data and applications to a CSP.
As representatives of European and multinational companies and organizations with significant involvement in cloud computing, our goal is to demonstrate and assure cloud customers that we are compliant with data protection laws and prepared for the General Data Protection Regulation (GDPR) coming into effect in May 2018. CSPs can demonstrate their capacity to comply with the Code across varying levels of proof and assurance.
Our Tool: The Code
The Code of Conduct was developed by the Cloud Select Industry Group (Data Protection Code of Conduct Subgroup) convened by the European Commission under the auspices of DG Connect and with the involvement and advice of DG Justice.. Development of the Code was further informed by input from the Article 29 Working Party.
The Code of Conduct consists principally of a set of requirements for CSPs adhering to the Code, plus a governance structure that aims to support the effective and transparent implementation, management, and evolution of the Code.
The intention of the Code of Conduct is to make it easier for cloud customers (in particular small and medium enterprises and public entities) to determine whether particular cloud services are appropriate for their desired use.
In addition, the transparency created by the Code will contribute to an environment of trust and create a high default level of data protection in the European cloud computing market.
CSPs must ensure personal data is processed in accordance with the EU Data Protection Directive, its national transpositions and subsequent EU data protection laws, in particular the General Data Protection Regulation and any further European data protection legislation.
When adhering to this Code of Conduct, CSPs commit to the Code's requirements and practices. Consequently, cloud customers can be more confident of how the CSP has implemented data protection measures in compliance with applicable laws. CSPs whose adherence to the Code has been published in the public register may choose to publicly show their adherence by using the trusted Code of Conduct mark.
Media & Press
Jörn Wittmann, Managing Director SCOPE Europe, explains challenges of GDPR and how Code of Conducts, like EU Cloud CoC, may safeguard future compliance with GDPR
We are pleased to announce that Alibaba Cloud joins the Code of Conduct. Read Alibaba Cloud's statement here:
IBM Among the First Companies to Sign EU Data Protection Code of Conduct for Cloud Service Providers
We are pleased to announce that IBM has signed up to the Code of Conduct with its SofLayer and Bluemix Infrastructure Cloud Services. As one of the world’s leading cloud service providers, IBM recognises the key role of the Code of Conduct in strengthening trust with customers. Read IBM’s statement here:
Oversight body handed Code of Conduct for Cloud Service Providers
The Cloud Select Industry Group made efforts on a Code of Conduct, that will set standards throughout Europe.