CISPE, Cloud Infrastructure Services Providers in Europe, announced that the European Data Protection Board, which comprised of all the European Data Protection Authorities provided a favorable opinion that the CISPE Data Protection Code of Conduct complies with the General Data Protection Regulation. Submitted by French DPA, CNIL, the CISPE Code is the first pan-European sector-specific code for cloud infrastructure service providers to reach this stage.
First and only code focusing on IaaS
CISPE Data Protection Code of Conduct aims to help organizations to accelerate the development of GDPR compliant cloud-based services. By selecting CISPE code-compliant services, IaaS customers are assured of trustworthy cloud infrastructures.
The code is the first and only code that focuses on the Infrastructure-as-a-Service sector and addresses the specific roles and responsibilities of IaaS providers not represented in more general codes. IT also creates confidence and trust amongst customers and their end-users that a declared IaaS service is compliant with GDPR.
Compliance with the code is verified by independent, external auditors accredited by the relevant Data Protection Authority. Acting as “Monitoring Bodies” these strengthen the level of assurance provided by services certified under the code. The CISPE Code of Conduct offers a diverse portfolio of independent monitoring bodies. Alban Schmutz, President, CISPE, said,
“GDPR was a welcome development, and the CISPE code brings clarity to its data protection requirements for cloud infrastructure providers. The CISPE Data Protection Code of Conduct gives cloud service providers an approved framework to demonstrate full compliance of their certified cloud services, providing concrete examples of what they and their customers are expected to do to protect data under GDPR rules.”