INFORMATION TECHNOLOGY
First Code of Conduct for Data Protection in Cloud Infrastructure goes live.
CISPE, the voice of Cloud Infrastructure Service Providers in Europe, announced that companies including Aruba, AWS (Amazon Web Services), Elogic, Leaseweb, Outscale and OVHCloud are the first of its members to declare services to be compliant with its Code of Conduct for Data Protection.
The CISPE Code of Conduct for Data Protection in Cloud Infrastructure (CISPE Code), validated by the European Data Protection Board (EDPB) and approved by the French Data Protection Authority (CNIL), is the first General Data Protection Regulation (GDPR) code of conduct specifically designed for cloud infrastructure service providers.
The controlled adherence by independent monitoring bodies provides cloud infrastructure customers with an added level of assurance when developing GDPR compliant services in the cloud.
Clear steps to compliance, verified by independent Monitoring Bodies
As a compliance tool validated by data protection authorities, the CISPE Code provides additional assurance that cloud services can be used in compliance with the GDPR. For the first time industry players can declare compliant services under the supervision of independent monitoring bodies accredited by CNIL as the supervisory authority.
Pioneering Data Protection and Processing Customer Data Exclusively in Europe
As discussions around sovereignty and Europe’s capacity for strategic autonomy in key digital markets gain momentum, the CISPE Code is the first tool approved by the EDPB to go beyond the requirements of GDPR by certifying services to ensure no reuse of customer data, and to give customers the choice to use services to store and process customer data exclusively in the European Economic Area (EEA).
Automated Compliance and partnership with GAIA-X
A key objective of the GAIA-X project is to provide automated compliance to digitally build transparency and trust. Together with GAIA-X CTO Office, CISPE has used its Code of Conduct for Data Protection to issue verifiable credentials following the W3C standard.
These allow GAIA-X to automatically verify claims of compliance to provisions regarding data protection and data location.
This mechanism will be made available to other codes of conducts or compliance mechanisms and help GAIA-X to verify claims on cloud services against security, portability or sustainability. In particular, CISPE will offer its members the same mechanisms of other self-regulatory tools it has helped to develop including the Climate Neutral Data Centre Pact and the 10 Principles of Fair Software.
The CISPE Code of Conduct for Data Protection in Cloud Infrastructure (CISPE Code), validated by the European Data Protection Board (EDPB) and approved by the French Data Protection Authority (CNIL), is the first General Data Protection Regulation (GDPR) code of conduct specifically designed for cloud infrastructure service providers.
The controlled adherence by independent monitoring bodies provides cloud infrastructure customers with an added level of assurance when developing GDPR compliant services in the cloud.
Clear steps to compliance, verified by independent Monitoring Bodies
As a compliance tool validated by data protection authorities, the CISPE Code provides additional assurance that cloud services can be used in compliance with the GDPR. For the first time industry players can declare compliant services under the supervision of independent monitoring bodies accredited by CNIL as the supervisory authority.
Pioneering Data Protection and Processing Customer Data Exclusively in Europe
As discussions around sovereignty and Europe’s capacity for strategic autonomy in key digital markets gain momentum, the CISPE Code is the first tool approved by the EDPB to go beyond the requirements of GDPR by certifying services to ensure no reuse of customer data, and to give customers the choice to use services to store and process customer data exclusively in the European Economic Area (EEA).
Automated Compliance and partnership with GAIA-X
A key objective of the GAIA-X project is to provide automated compliance to digitally build transparency and trust. Together with GAIA-X CTO Office, CISPE has used its Code of Conduct for Data Protection to issue verifiable credentials following the W3C standard.
These allow GAIA-X to automatically verify claims of compliance to provisions regarding data protection and data location.
This mechanism will be made available to other codes of conducts or compliance mechanisms and help GAIA-X to verify claims on cloud services against security, portability or sustainability. In particular, CISPE will offer its members the same mechanisms of other self-regulatory tools it has helped to develop including the Climate Neutral Data Centre Pact and the 10 Principles of Fair Software.
