argomento: News del mese - Diritto Internazionale e Comunitario

Articoli Correlati: E.U. - cloud provider - discipline

The Cloud Infrastructure Services Providers in Europe (CISPE) Code of Conduct was recently adopted and represents the first Code of Conduct for IaaS cloud service providers, offering both GDPR compliance and choice for the data controllers to store and process data within the European Economic Area. The CISPE Code, validated by the EDPB and approved by the French Data Protection Authority (CNIL), is the first Code of Conduct specifically designed for cloud infrastructure service providers (IaaS) and was recently adopted by several industry players such as Aruba, AWS (Amazon Web Service) and OVH Cloud. The main purpose of the CISPE Code is to help organisations across Europe to accelerate the development of GDPR compliant cloud-based services, offering greater levels of compliance with data protection obligations. The Codes of Conduct are self-regulatory tools provided for by art. 40 of the GDPR and represent important frameworks for “voluntary accountability”. It is important to clarify that the provisions contained in Codes of Conduct are not binding and can only be used as guidelines for data controllers and processors in their vendor privacy assessment activities. The purpose of the CISPE Code is to help CISPs to demonstrate compliance with article 28 GDPR and make it easier and more transparent for data controllers to analyze and assess whether cloud services are suitable for the processing of personal data that they wish to perform.