EU Cloud Code of Conduct Summary
The EU Data Protection Code of Conduct for Cloud Service Providers (known by its abbreviated name EU Cloud Code of Conduct) sets out clear requirements and recommends procedures to raise the level of data protection in cloud services, based on GDPR.
The current Cloud Code of Conduct helps cloud service providers demonstrate compliance with all the requirements of the GDPR, as well as an extensive range of data security demands.
Based on input from supervisory authorities and the Guidelines on Codes of Conduct and Monitoring Bodies by the European Data Protection Board, the Code has been designed to ensure a robust level of data protection and transparency, complemented by an independent monitoring function.
EU Cloud Code of Conduct in the TrustArc Platform
The EU Cloud Code of Conduct PrivacyCentral solution incorporates the controls catalog developed as part of the Code as well as alignment with ISO 27001, GDPR, UK GDPR, APEC CBPRs and PRPs, the TrustArc Privacy and Data Governance Framework, Nymity Privacy Management Accountability Framework, CCPA, LGPD, and HIPAA so that organizations can leverage the standards they already have in place to demonstrate their adherence to the Code.
Monitoring & TrustArc Collaboration
Compliance will be monitored by an independent monitoring body, Scope Europe, as well as by the Belgian Data Protection Authority.
At this time, the Code is not yet approved to function as a legal basis for international data transfers. However, an additional module is being prepared to cover international transfers. TrustArc is part of the drafting team for the Third Country Transfer Module.
Serious Privacy Podcast hosts K Royal and Paul Breitbarth present the unique potential of the EU Cloud CoC to demonstrate GDPR compliance for all service types of cloud computing.