The European Union Adopts the First GDPR Code of Conduct

On May 20, 2021, the Belgian Data Protection Authority has approved the first transnational code of conduct to be adopted within the European Union since the GDPR came into effect in 2018.   The EU Cloud Code of Conduct aims to establish baseline data protection practices for cloud service providers and aims to contribute to a better protection of personal data processed in the cloud in Europe.

Article 40 of the GDPR encourages the Member States, the supervisory authorities, the European Data Protection Board, and the European Commission to prepare GDPR codes of conduct that would contribute to the proper application of this GDPR, taking account of the specific features of the various processing sectors and the specific needs of micro, small and medium-sized enterprises.  Where a draft code of conduct prepared by a local data protection authority relates to processing activities in several Member States, the approval of the European Data Protection Board is required. On May 19, the EDPB issued a favorable opinion of the Cloud CoC, allowing the Belgian DPA to approve the Code.

The EU Cloud CoC is will address all service types of the cloud market (e.g. IaaS, PaaS, SaaS) and create a baseline for implementation of GDPR for these services. It will provide practical guidance and define specific requirements for the cloud service providers. The Code applies to cloud services where the cloud service provider is acting as a processor and does not apply to “business to consumer” services or to any processing activities for which the provider may act as a data controller.

The Code also establishes an independent monitoring body, Scope Europe, to ensure participants’ ongoing compliance with the contents of the Code.

Take a tour of Clarip’s patented data privacy technology and learn how Clarip can help your enterprise comply with emerging data subject rights regulations. Call Clarip today at 1-888-252-5653 or schedule a Demo Online!