2 accreditations, 2 distinct processes
Since 2021, SCOPE Europe has served as the accredited Monitoring Body for the EU Cloud Code of Conduct, the first legally operational transnational GDPR code of conduct addressing the entirety of the cloud computing market (IaaS, PaaS, SaaS). We later expanded our monitoring activities to a national context with the Data Pro Code, following our second accreditation by the Dutch Data Protection Authority in 2023. This code, tailored for micro, small, and medium-sized enterprises in the Netherlands, presents a practical route to GDPR alignment for IT service providers.
Each code of conduct requires its own accreditation, with SCOPE Europe having undergone two distinct evaluations based on the specific provisions outlined under Article 41 GDPR, relevant guidelines from the European Data Protection Board (EDPB) and national accreditation criteria established by the competent Data Protection Authorities. Our continued work is grounded in the responsibilities entrusted to monitoring bodies: to conduct independent assessments, evaluate services against the defined controls, and manage complaint procedures—all in line with an established monitoring framework that follows the risk-based approach implemented by GDPR.
Evolving lessons in practice
Over time, monitoring a diverse range of services has offered valuable insights into the role of structured compliance frameworks. One consistent takeaway is the importance of balancing thorough oversight with accessible processes—ensuring that assessments are rigorous but also scalable for a broad spectrum of market participants.
Our experience has also underscored the added value that voluntary, sector-specific instruments can bring to GDPR implementation. Codes of conduct, when accompanied by effective monitoring, can help translate complex legal norms into actionable standards and encourage adherence to shared benchmarks for responsible data handling.
Another key lesson has been the importance of fostering a collaborative compliance environment. The development and operationalization of codes rely not only on the work of monitoring bodies but also on transparent communication with code owners, supervisory authorities, and costumers. This interaction helps drive continuous improvement and adaptability in the face of evolving legal and technological landscapes.
Looking Ahead
As more organizations seek scalable and trustworthy compliance tools, codes of conduct—and the independent monitoring that accompanies them—will remain an important pillar of GDPR implementation. Whether enabling cloud providers to desmontrate compliance through the EU Cloud CoC or MSMEs to do the same in the Netherlands via the Data Pro Code, our core goal remains: to ensure that monitoring fosters both high standards of data protection and practical compliance pathways.
As the ecosystem of codes and monitoring bodies continues to grow, we remain committed to strengthening accountability, transparency, and trust in data processing practices.
Learn more about our monitoring work: scope-europe.eu/en/monitoring-body
Explore the EU Cloud CoC Public Register and Data Pro Code Public Register to see currently monitored services.
