Formally founded in 2017, the EU Data Protection Code of Conduct for Cloud Service Providers (otherwise known as the EU Cloud Code of Conduct; the Code) is a voluntary code of conduct created specifically to support GDPR compliance within the B2B (business-to-business) Cloud industry. The EU Commission, the Article 29 Working Party (now the EDPB (European Data Protection Board)), the EU Directorate-General for Justice and Consumers, and Cloud-industry leaders have all contributed to its development, resulting in a robust framework that recognises the unique requirements of the Cloud industry.

Cloud providers must ensure that their services – which by design involve accessing and transferring data across the Internet, exposing it to far greater risk than data stored and processed within an organisation's internal network – meet or exceed the GDPR's requirements in order to provide the security and privacy that the market expects. Organisations can achieve this via compliance with the EU Cloud Code of Conduct.

The Code has already been adopted by major Cloud service organisations, including:

• Microsoft
• Oracle
• Salesforce
• IBM
• Google Cloud
• Dropbox
• Alibaba Cloud

Public and business focus on information security and data protection continues to increase in the face of a constantly changing threat landscape and ever more stringent regulation, and compliance with initiatives such as the EU Cloud Code of Conduct demonstrates to current and potential customers that your organisation is taking data privacy seriously. It also strengthens your organisation's approach to information security management, and defences against data breaches.

The EU Data Protection Code of Conduct for Cloud Service Providers provides guidance on how to implement the Code. It explores the Code's objectives, and how compliance can be achieved with or without an ISMS (information security management system).

Begin your journey to EU Cloud Code of Conduct implementation with our compliance guide – buy this book today!

About the author

Alan Calder founded IT Governance Ltd in 2002 and began working full time for the organisation in 2007. He is Group CEO of GRC International Group PLC, the AIM-listed company that owns IT Governance Ltd. Alan has held a number of roles, including CEO of Business Link London City Partners (a government agency focused on helping growing businesses to develop) from 1995 to 1998, CEO of Focus Central London (a training and enterprise council) from 1998 to 2001, and CEO of Wide Learning (a supplier of e-learning) from 2001 to 2003 and the Outsourced Training Company (2005). He was also chairman of CEME (a public–private-sector skills partnership) from 2006 to 2011.

Alan is an acknowledged international cyber security guru and a leading author on information security and IT governance issues. He has been involved in the development of a wide range of information security management training courses that have been accredited by IBITGQ (International Board for IT Governance Qualifications). Alan has consulted for clients in the UK and abroad, and is a regular media commentator and speaker.

For information on Alan's other publications, visit www.itgovernancepublishing.co.uk/author/alan-calder.