Brussels, 25. April 2019 – The EU Cloud Code of Conduct General Assembly reaches another milestone in releasing latest Code version that will be submitted to the supervisory authorities.
The EU Cloud Code of Conduct General Assembly has now completed its extensive revision of the Code, further developing the substance of the Code and aligning its provisions to GDPR. Based on input by supervisory authorities and the recently published Guidelines on Codes of Conduct and Monitoring Bodies by the European Data Protection Board, the Code has been further enhanced to ensure a robust level of data protection and transparency, complemented by an independent monitoring function.
Today, the EU Cloud Code of Conduct General Assembly published the revised Code version which will be submitted to the supervisory authorities for approval. “This Code release is a big achievement for the EU Cloud Code of Conduct, bringing the Code fully up to date with GDPR – it is an important milestone for achieving high levels of data protection in the Cloud”, said Jonathan Sage, Government and Regulatory Affairs Executive at IBM and Chairman of the EU Cloud CoC General Assembly. “As the EU Cloud Code of Conduct General Assembly, we look forward to submitting the Code for approval as part of the formal process and to continuing the constructive dialogue with supervisory authorities.”
The EU Cloud Code of Conduct General Assembly has also finalized the work on the so-called Controls Catalogue, an extensive implementation guidance for cloud service providers which also aligns the provisions of the Code to respective articles of GDPR and to European and international security standards such as ISO, SOC and C5. The Controls Catalogue is only accessible for members of the EU Cloud Code of Conduct and complements the Code with binding requirements for cloud service providers adhering to the Code.
“It was a highly complex and resource-intensive task to establish an effective data protection Code of Conduct for the entire cloud market, covering all service types and being accessible to different company sizes. We are proud to be part of this team which not only invested a lot of resources in the Code development, but also proved their willingness to develop a credible solution for the Cloud market in Europe”, said Helmut Fallmann, Member of EU Cloud CoC Steering Board and Member of the Managing Board at Fabasoft.
“Any organization using cloud-based services needs to trust that their data is being managed with the highest levels of privacy and protection in-place”, said Barbara Cosgrove, vice president, chief privacy officer, Workday. “At Workday, we’re committed to upholding strong data privacy protections, which is why we felt it was important to be part of the development of the EU Cloud Code of Conduct. We look forward to the Code obtaining approval from supervisory authorities in the near future.”
Though the official approval of the Code is pending, SCOPE Europe has already prepared its procedures to effectively monitor adherent Cloud services. In this context, cloud service providers are now welcome and invited to sign up their services under the current version of the Code, to publicly underpin their efforts to comply with GDPR requirements. The EU Cloud CoC can already apply the same principles and procedures now, pending the endorsement of the Code and its official approval by supervisory authorities.