Data Protection Code of Conduct for Cloud Service Providers

Cloud computing provides significant benefits to both public and private sector customers in terms of cost, flexibility, efficiency, security and scalability. However, cloud customers must be able to trust a cloud service provider (CSP), before they will entrust their data and applications to them. A recurring challenge is to ensure that personal data is processed by the CSP in accordance with the EU Data Protection Directive, its national transpositions and subsequent EU data protection laws, in particular the General Data Protection Regulation and any further European data protection legislation.

The purpose of this voluntary Code of Conduct (Code)  is to make it easier and more transparent for cloud customers to analyse whether cloud services are appropriate for their use case.

Download paper