Skip to main content

EU Cloud Data Protection Code of Conduct Gap Assessments, Remediation for GDPR Cloud Computing for CSPs

EU Data Protection Code of Conduct for Cloud Service Providers

The EU Data Protection Code of Conduct for Cloud Service Providers, simply known as the EU Cloud Code of Conduct, is a framework consisting of a set of requirements for Cloud Service Providers (CSP) supported by a Control Catalogue. This is important to note as the EU Cloud Code of Conduct is a voluntary instrument in accordance with Article 40 of the GDPR, but more specifically, it defines clear requirements for CSPs regarding implementing necessary measures of Article 28 of the GDPR.

On May 19th, 2021, the European Data Protection Board (EDPB) adopted the EU Cloud Code of Conduct. Then, the Belgian Data Protection Authority adopted it on May 20th. While adherence to the EU Cloud Code of Conduct is voluntary, it “…has thus been prepared to contribute to the proper application of the GDPR, taking into account the specific features of the cloud computing sector.”

EU Cloud of Conduct Help from Proven Privacy Experts

Centris offers comprehensive services for helping CSPs meet the following EU Cloud of Conduct reporting requirements as outlined in Chapter 5 and Chapter 6 of the Code. Specifically, we can develop all required information security, data privacy, and operational policies and procedures. Furthermore, we can assist in implementing controls and processes as needed for ensuring full compliance is met with all requirements set forth in Chapter 5 and 6 of the Code.

Chapter 5

  • 5.1: Terms and Conditions of the Cloud Services Agreement.
  • 5.2: Processing Personal Data Lawfully.
  • 5.3: Subprocessing.
  • 5.4: International Transfers of the Customers Personal Data.
  • 5.5: Right to Audit.
  • 5.6: Liability.
  • 5.7: Cooperation with the Customer.
  • 5.8: Records of Processing.
  • 5.9: Data Protection Point of Contact.
  • 5.10: Rights of the Data Subject.
  • 5.11: Cooperation with the Supervisory Authorities.
  • 5.12: Confidentiality of the Processing.
  • 5.13: Assistance with Personal Data Breaches.
  • 5.14: Termination of the Cloud Services Agreement.

With Centris, we offer a wide range of data privacy assessments & programsdata governancedata mappingPIADPIAGDPR assessments, CCPA/CPRA assessments, international international privacy assessments, U.S. state privacy assessments, EU Cloud Code of Conduct, Microsoft SSPA/DPR, along with data privacy programs.

Chapter 6

  • 6.1: Security Requirements for CSPs under the code.
  • 6.2: Detailed Security Objectives.
  • 6.3 Transparency.

Additionally, per the Code, “Provisions that are mandatory and binding in order to reach compliance with this Code, whether defined in Code provisions or in Controls, are identified by the usage of the terms “shall” and “must”.

CENTRIS

Leaders in Security & Regulatory Compliance

Risk Strategies & Methodologies
Risk management planning reduces exposure to a wide-range of issues that could have detrimental effects on a business. Not knowing, planning, or responding to risks and related issues can leave an organization with few options in combating risks when they actually surface.
Strategic Planning & Integration
Every organization is moving towards a digitized business model, so isn’t it time to strategize on some of the most critically important elements for your business?
Regulatory Compliance Experts
Build scalable, adaptable, and efficient compliance solutions for increased organizational efficiency, while also improving core InfoSec, cybersecurity, operational and data privacy controls and best practices.
"In order to secure the trust of cloud customers in Cloud Service Provider (CSPs), the EU Cloud Code of Conduct aims to help Cloud Providers on their path to GDPR compliance."
- EU Cloud Code of Conduct

Why Centris for EU Cloud of Conduct Assistance?

  • Proven methodology that’s quick, comprehensive, and with fixed-fee pricing.
  • Experts at remediating privacy and security gaps, along with documentation deficiencies.
  • Deep experience in working with all industries and sectors relating to privacy and security.

Additional Related Services


    Protect Your Digital Systems & Ensure Compliance at All Levels

    From robust security and compliance solutions to risk analysis and corporate strategy - partner with CENTRIS for enterprise resilience.