Brussels, 19th May 2021 – The CISPE Data Protection Code of Conduct has become the first pan-European sector-specific code approved for cloud infrastructure service providers under the European Union’s General Data Protection Regulation (GDPR). The endorsement was confirmed by the European Data Protection Board (EDPB) comprised of the the 27 European Data Protection Authorities.
CISPE’s pioneering code helps organisations across Europe accelerate the development of GDPR compliant cloud-based services for consumers, businesses, and institutions. By selecting declared CISPE code-compliant services, IaaS customers are assured of trustworthy cloud infrastructures that adhere to data handling and storage practices in strict compliance with GDPR.
“GDPR was a welcome development, and the CISPE code brings clarity to its data protection requirements for cloud infrastructure providers” says Alban Schmutz, President of CISPE (Cloud Infrastructure Service Providers in Europe), the industry association behind the code.
“The CISPE Data Protection Code of Conduct gives cloud service providers an approved framework to demonstrate full compliance of their certified cloud services, providing concrete examples of what they and their customers are expected to do to protect data under GDPR rules.”
“We are very proud of this endorsement by the European Data Protection Board” declared Danilo Vivarelli, CEO of IRIDEOS. “It gives our IaaS services, already compliant to the CISPE Code of Conduct and already approved by AgID (Agency for Digital Italy), a further seal of approval for our Customers as a trustworthy cloud infrastructure.”
CISPE’s Code of Conduct is unique in three important ways. It is the first, and currently only, code to focus exclusively on the Infrastructure-as-a-Service (IaaS) sector and address the specific roles and responsibilities of IaaS providers not represented in more general codes. The CISPE Code of Conduct creates confidence and trust amongst customers and their end users that a certified IaaS service is compliant with GDPR. It also assures them that cloud infrastructure service providers will only access or use customer data to maintain or provide the service and will not use customer data for marketing or advertising purposes.
While not required for GDPR compliance, many European businesses want to retain sovereignty over their data by ensuring that it remains within the EU. Uniquely, the CISPE Code of Conduct gives IaaS customers explicit options to select services that enable data to be processed entirely within the European Economic Area. As such the CISPE Code of Conduct also promotes data protection best practices which support the EU’s GAIA-X initiative to develop European cloud data services.
Compliance with the CISPE Code of Conduct is verified by independent, external auditors accredited by the relevant Data Protection Authority. Acting as “Monitoring Bodies” these strengthen the level of assurance provided by services certified under the code.The CISPE Code of Conduct offers a diverse portfolio of independent monitoring bodies allowing for a broad range of services and price points to suit the diversity of businesses in the burgeoning cloud infrastructure sector. GDPR compliance can be complex and expensive, especially for SMEs and start-ups. These organisations often rely heavily on IaaS and will widely benefit from the ease of use and cost-effectiveness of the CISPE Code of Conduct.
“CISPE was the first organisation in any industry to engage and work hand-in-hand with the regulator and EU institutions to define a code that goes beyond GDPR requirements to protect the interests of infrastructure providers, their customers, and end-users,” added Schmutz.
Cloud service providers (CSPs) which adopt the CISPE Code of Conduct benefit from practical and operational guidance as well as being bound by a set of enforceable rules that ensure GDPR compliance for their services.
To know more about the Code that was green lighted by the European Data Protection Board on May 19th 2021, please go to : www.codeofconduct.cloud