The EU Data Protection Code of Conduct for Cloud Service Providers: A guide to compliance - Paperback

by Alan Calder (Author)

The EU Data Protection Code of Conduct for Cloud Service Providers - A guide to compliance

Formally founded in 2017, the EU Data Protection Code of Conduct for Cloud Service Providers (otherwise known as the EU Cloud Code of Conduct; the Code) is a voluntary code of conduct created specifically to support GDPR compliance within the B2B (business-to-business) Cloud industry. The EU Commission, the Article 29 Working Party (now the European Data Protection Board (EDPB)), the EU Directorate-General for Justice and Consumers, and Cloud-industry leaders have all contributed to its development, resulting in a robust framework that recognises the unique requirements of the Cloud industry.

Cloud providers must ensure that their services - which by design involve accessing and transferring data across the Internet, exposing it to far greater risk than data stored and processed within an organisation's internal network - meet or exceed the GDPR's requirements in order to provide the security and privacy that the market expects. Organisations can achieve this via compliance to the EU Cloud Code of Conduct.

The EU Cloud Code of Conduct has already been adopted by major Cloud service organisations, including:

• Microsoft;
• Oracle;
• Salesforce;
• IBM;
• Google Cloud;
• Dropbox; and
• Alibaba Cloud.

Public and business focus on information security and data protection continues to increase in the face of a constantly changing threat landscape and ever-more stringent regulation, and compliance to initiatives such as the EU Cloud Code of Conduct demonstrates to current and potential customers that your organisation is taking data privacy seriously, as well as strengthens your organisation's overall approach to information security management, and defences against data breaches.

The EU Data Protection Code of Conduct for Cloud Service Providers provides guidance on how to implement the Code within your organisation. It explores the objectives of the Code, and how compliance can be achieved with or without a pre-existing ISMS (information security management system) within the organisation.

Author Biography

IT Governance Publishing (ITGP) is the world's leading IT-GRC publishing imprint and wholly owned by IT Governance Ltd. ITGP provides books and tools covering all IT governance, risk management and compliance frameworks, producing unique and practical publications of the highest quality, in the latest formats available, and which readers will find invaluable.