The European Data Protection Board (EDPB), under which all European Data Protection Authorities (DPAs) fall, gave a favourable resolution on Thursday that said the CISPE Data Protection Code of Conduct complies with the General Data Protection Regulation (GDPR).
The CISPE Code was submitted by the French DPA and is the first pan-European sector-specific code of conduct for cloud providers to hit this milestone.
CISPE is the pioneering code that’s set to help organizations in the bloc accelerate the development of their respective GDPR compliant cloud-based services for users.
A framework for cloud infrastructure and services providers
By choosing CISPE code-compliant services, customers will have assurances that they are dealing with trustworthy cloud infrastructures that handle and store data in strict compliance with the GDPR.
Alban Schmutz, the president of CISPE (Cloud Infrastructure Providers in Europe), the organization behind the code, said that the organization was happy about the development of the GDPR and wrote the CISPE code to clarify data protection requirements for cloud infrastructure companies.
The CISPE Data Protection Code of Conduct gives cloud providers a framework that’s approved and geared to enable full compliance.
A tighter code than others
CISPE’s Code of Conduct has some unique features that make it particularly effective. It’s the first, and the only code with a keen focus on the IaaS sector, addressing specific roles and responsibilities of IaaS providers that aren’t in any other codes.
The code creates confidence and trust among customers and users, that a CISPE-certified provider is compliant. It promotes data protection best practices, which advance the bloc’s GAIA-X initiative to create European cloud data services.
Compliance is independently verified, by external and accredited auditors, further ensuring that transparency is guaranteed. Final approval of the code will be given by the CNIL.