{"id":1812,"date":"2024-02-06T15:37:28","date_gmt":"2024-02-06T21:37:28","guid":{"rendered":"https:\/\/trustarc.com\/?post_type=regulations&p=1812"},"modified":"2024-03-21T09:06:58","modified_gmt":"2024-03-21T15:06:58","slug":"eu-cloud-code-of-conduct","status":"publish","type":"regulations","link":"https:\/\/trustarc.com\/regulations\/eu-cloud-code-of-conduct\/","title":{"rendered":"EU Cloud Code of Conduct"},"content":{"rendered":"\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t\tStandard<\/span>\n\t\t\t\t\t\t\t\t\t\t

EU Cloud Code of Conduct<\/h1>\n\t\t\t\t\t

The EU Data Protection Code of Conduct for Cloud Service Providers sets out clear requirements and recommended procedures for data protection in cloud services in compliance with GDPR to support accountability.<\/p>\n\t\t\t<\/div>\n\t\t<\/section>\n\t\t\n\n\t\t

\n\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t

Are you subject to the EU Cloud Code of Conduct?<\/h2>\n

The EU Cloud Code of Conduct applies to all cloud services types in the market that is acting as a processor.<\/p>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\n\n\t

\n\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t

Expectations of the Code<\/h2>\n\t\t\t\t\t\t\t\t\t\t\t\tThe Code is meant to facilitate effective application of the GDPR and is designed to ensure a robust level of data protection and transparency, complemented by an independent monitoring function.\u00a0<\/span>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t

Subprocessing guidance<\/h4>\n

Under the Code, cloud service providers must provide consent on authorized use of sub-processors as well as disclosures on changes.<\/p>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t

\n\t\t\t\t\t\t\t

Data subjects rights<\/h4>\n

The Code requires a data protection contact in order to assist in data subject rights outlined in GDPR. In addition there are specifics on the return or deletion of customer personal data upon termination of a cloud service agreement.<\/p>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t<\/section>\n\t\n\n\t

\n\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t

Best practice & oversight mechanisms<\/h4>\n

The Code outlines security objectives based on recognized standards (e.g., ISO 27001, ISO 27701, SOC 2, C5). For oversight mechanisms, a monitoring body must be able to perform independent reports. Cloud service providers should also provide a complaint mechanism and monitoring body in accordance with GDPR.<\/p>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t<\/section>\n\t\n\n\t\t

\n\t\t\t
\n\t\t\t\t\"\"\t\t\t<\/div>\n\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\tRegulations<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t

EU General Data Protection Regulation (GDPR)<\/h2>\n\t\t\t\t\t\t

The world\u2019s most comprehensive data privacy and protection law requires organizations to adhere to 7 common principles, provide the ability to exercise the 8 individual rights, and demonstrate an ongoing commitment to data privacy.<\/p>\n\t\t\t\t\t\t