Trust in cloud computing is essential.
It has never been more true than today to assert that without user trust, technology will not be able to advance to reach its full potential. At the core of building trust is robust data protection. The EU Data Protection Code of Conduct for Cloud Service Providers plays an important role here. Known by its abbreviated name EU Cloud Code of Conduct, it sets out clear requirements and recommends procedures to raise the level of data protection in cloud services, based on GDPR.
The first version of the EU Cloud Code of Conduct was released in February 2017, following close collaboration between the Cloud Select Industry Group and the European data protection regulatory bodies. As of 25 May 2018, the EU Cloud CoC has been revised to align with the new rules under GDPR. For this latest release of the Code, we have added an implementation guide, the Controls Catalogue, which builds on industry best practices in security and privacy and expands upon them. Requirements of the GDPR and the Code are linked and mapped to leading information security standards.
This is the first time that a single initiative allows a cloud provider or a cloud customer to establish precisely which requirements they should meet under the GDPR, which assurances they get from existing certifications, and above all obtain the certainty that the gap between the GDPR and the certification is comprehensively filled. This is a crucial added value of the Code.