On November 21, the Cloud Security Alliance (CSA) released their Code of Conduct for compliance with the European General Data Protection Regulation (GDPR). The GDPR Code of Conduct (the "Code") provides cloud service providers, cloud customers, and potential customers with guidance to assist with complying with the new requirements found within the GDPR.
The CSA About web page states they are the "world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment." (1)
The Code is structured to meet the mandatory data protection requirements under Directive 95/46/EC as well as the upcoming requirements of the GDPR.
"...the CSA Code of Conduct for GDPR Compliance is of fundamental importance as it gives guidance for legal compliance and the necessary transparency on the level of data protection offered by the CSPs (Cloud Service Providers)." - Paolo Balboni, European ICT, privacy and data protection lawyer, and co-chair of the Privacy Level Agreement Working Group (2)
- (1) CSA - "About" page
- (2) CSA - "Press Release"
- CSA - "Code of Conduct for GDPR Compliance"
- CSA - "GDPR Resource Center"
- CSA - "Home" page
- EUR-Lex - "Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC"
- European Commission - "Protection of personal data"