News
Data Protection Certification: Cloud Infrastructure Services Providers operating in Europe declare compliance with CISPE Data Protection Code of Conduct
February 2017 by Marc Jacob
The Cloud Infrastructure Services Providers in Europe (CISPE), a coalition of cloud computing serving millions of European customers have declared that over 30 services comply with the CISPE Data Protection Code of Conduct. Cloud infrastructure services declared today are operated in datacenters located in the following European countries: Bulgaria, Finland, France, Germany, Ireland, Italy, The Netherlands, Spain, and The United Kingdom.
The purpose of the CISPE Code of Conduct is to help cloud customers ensure that their cloud infrastructure provider is using appropriate data protection standards to protect their data consistent with Europe’s current Data Protection Directive and the General Data Protection Regulation (’GDPR’) that will come into force in May 2018. Cloud providers adhering to the Code must give customers the choice to store and process their data entirely within the European Economic Area. Providers must also commit that they will not access or use their customers’ data for their own purposes, including, in particular, for the purposes of data mining, profiling or direct marketing.
All cloud infrastructure services that comply with the CISPE Data Protection Code of Conduct are available on the CISPE Public Register: www.cispe.cloud/PublicRegister and will be easily recognized with the following compliance mark.
Companies declaring compliance with the CISPE Code of Conduct requirements represent a group of leading cloud infrastructure providers operating in Europe: 1&1, Amazon Web Services (AWS), Aruba, DADA, Daticum, Gigas Hosting, Ikoula, LeaseWeb, Outscale, OVH, Seeweb, SolidHost and UpCloud, with more to be announced soon. CISPE is currently reviewing the declarations it has received and will update the CISPE Public Register in due course.
The CISPE Data Protection Code of Conduct provides a data protection compliance framework that makes it easier for customers to assess whether cloud infrastructure services being offered by a particular provider are suitable for the processing of personal data they wish to perform and for them to comply with their current obligations and those coming under the GDPR. Its purpose is to facilitate the proper application of the new European rules on data protection from the GDPR. CISPE members share the GDPR’s objectives of strengthening citizens’ fundamental rights in the digital age and are therefore proactively outlining best practices ahead of the GDPR coming into force next year.
