Publications -

European code of conduct for data protection


The association of Cloud Infrastructure Service Providers in Europe (CISPE), whose members include twenty cloud infrastructure providers with European headquarters, has published the first European code of conduct for the application of the Regulation on data protection in the European Union (“the Regulation”).

The purpose of the code is to define a self-regulating model for cloud infrastructure service providers that are compliant with the European regulations, with the commitment that they will use their customers’ personal data in a conventional manner, and that this data will be processed and stored within EU/EEA  territory.

The code is designed as a certification tool for these providers; if they comply with its guidelines, they can display a “seal of quality” or Trust Mark. This ensures that they comply with European regulations.

Providers with certified compliance must make a statement that they will abide by the code, using one of these options:

  • Audit by an independent third party, that verifies and certifies that the provider is bound by the code and complies with its guidelines;
  • Self-assessment of compliance with the requirements on the part of the provider itself and the signing of a statement of commitment, using the model supplied in the code.

The statement will trigger the obligation to comply at all times with the provisions laid out in sections 5 and 6 of the code, covering data protection and security requirements, together with those on governance, in section 7.