Skip to main content
EU Cloud Code of Conduct

EU Cloud Data Protection Code of Conduct Gap Assessments, Remediation for GDPR Cloud Computing for CSPs

EU Data Protection Code of Conduct for Cloud Service Providers

The EU Data Protection Code of Conduct for Cloud Service Providers, simply known as the EU Cloud Code of Conduct, is a framework consisting of a set of requirements for Cloud Service Providers (CSP) supported by a Control Catalogue. This is important to note as the EU Cloud Code of Conduct is a voluntary instrument in accordance with Article 40 of the GDPR, but more specifically, it defines clear requirements for CSPs regarding implementing necessary measures of Article 28 of the GDPR.

On May 19th, 2021, the European Data Protection Board (EDPB) adopted the EU Cloud Code of Conduct. Then, the Belgian Data Protection Authority adopted it on May 20th. While adherence to the EU Cloud Code of Conduct is voluntary, it “…has thus been prepared to contribute to the proper application of the GDPR, taking into account the specific features of the cloud computing sector.”

EU Cloud of Conduct Help from Proven Privacy Experts

Centris offers comprehensive services for helping CSPs meet the following EU Cloud of Conduct reporting requirements as outlined in Chapter 5 and Chapter 6 of the Code. Specifically, we can develop all required information security, data privacy, and operational policies and procedures. Furthermore, we can assist in implementing controls and processes as needed for ensuring full compliance is met with all requirements set forth in Chapter 5 and 6 of the Code.

Chapter 5

  • 5.1: Terms and Conditions of the Cloud Services Agreement.
  • 5.2: Processing Personal Data Lawfully.
  • 5.3: Subprocessing.
  • 5.4: International Transfers of the Customers Personal Data.
  • 5.5: Right to Audit.
  • 5.6: Liability.
  • 5.7: Cooperation with the Customer.
  • 5.8: Records of Processing.
  • 5.9: Data Protection Point of Contact.
  • 5.10: Rights of the Data Subject.
  • 5.11: Cooperation with the Supervisory Authorities.
  • 5.12: Confidentiality of the Processing.
  • 5.13: Assistance with Personal Data Breaches.
  • 5.14: Termination of the Cloud Services Agreement.

With Centris, we offer a wide range of data privacy assessments & programsdata governancedata mappingPIADPIAGDPR assessments, CCPA/CPRA assessments, international international privacy assessments, U.S. state privacy assessments, EU Cloud Code of Conduct, Microsoft SSPA/DPR, along with data privacy programs.

Chapter 6

  • 6.1: Security Requirements for CSPs under the code.
  • 6.2: Detailed Security Objectives.
  • 6.3 Transparency.

Additionally, per the Code, “Provisions that are mandatory and binding in order to reach compliance with this Code, whether defined in Code provisions or in Controls, are identified by the usage of the terms “shall” and “must”.

CENTRIS

Leaders in Security & Regulatory Compliance

Risk Strategies & Methodologies
Risk management planning reduces exposure to a wide-range of issues that could have detrimental effects on a business. Not knowing, planning, or responding to risks and related issues can leave an organization with few options in combating risks when they actually surface.
CENTRIS Advisory Methods
Strategic Planning & Integration
Every organization is moving towards a digitized business model, so isn’t it time to strategize on some of the most critically important elements for your business?
Explore CENTRIS Strategies
Regulatory Compliance Experts
Build scalable, adaptable, and efficient compliance solutions for increased organizational efficiency, while also improving core InfoSec, cybersecurity, operational and data privacy controls and best practices.
Regulatory Compliance For All Industries
"In order to secure the trust of cloud customers in Cloud Service Provider (CSPs), the EU Cloud Code of Conduct aims to help Cloud Providers on their path to GDPR compliance."
- EU Cloud Code of Conduct

Why Centris for EU Cloud of Conduct Assistance?

  • Proven methodology that’s quick, comprehensive, and with fixed-fee pricing.
  • Experts at remediating privacy and security gaps, along with documentation deficiencies.
  • Deep experience in working with all industries and sectors relating to privacy and security.

Additional Related Services

Customized Data Privacy Programs | Data Privacy Cons...

Growing cybersecurity threats, coupled with increased laws and regulations are forcing organizations to truly take the time in assessing – and documenting – how they collect, use, share & disclose, store, protect, retain, and dispose of their data...
Read this article

Microsoft Supplier Security & Privacy Assurance Prog...

Per Microsoft, “The Microsoft Supplier Data Protection Requirements” apply to each Microsoft supplier that Processes Personal Data or Microsoft Confidential Data in connection with that supplier’s performance (e.g., provision of services, software...
Read this article

U.S. State Data Privacy Assessments, Consulting and ...

Almost every state is now following in the footsteps of California in developing comprehensive laws regarding an individual’s data privacy rights. In the near future, it’s quite possible that every state will adopt meaningful data privacy laws, a...
Read this article

International Data Privacy Assessments for U.S. and ...

While most of the world is focusing on the likes of the General Data Protection Regulation (GDPR), along with the California Consumer Privacy Act (CCPA), there’s much more to data privacy than these two well-known pieces of legislation. Canada, B...
Read this article

CCPA & CPRA Gap Assessments for Business in Californ...

The California Consumer Privacy Act (CCPA) is without question landmark legislation enacted to give consumers greatly enhanced privacy rights and protection clauses within the state of California. As an organization, if you’re doing business in t...
Read this article

GDPR Assessments for Controllers and Processors

Centris offers GDPR gap assessments for organizations all throughout North America seeking assistance with what’s arguably the most demanding and comprehensive data privacy regulation in the world. GDPR compliance for U.S. companies has hit our sh...
Read this article

Data Protection Impact Assessments (DPIA) | GDPR Con...

The General Data Protection Regulation (GDPR), under Article 35, requires, under certain circumstances, that a Data Protection Impact Assessment (DPIA) be performed by controllers if certain conditions exist. Specifically, “Where a type of process...
Read this article

Privacy Impact Assessments (PIA) | Minimize Privacy ...

The safety and security of all types of data is now front and center in today’s business arena due to growing cybersecurity threats, coupled with increased data privacy laws and regulations. With Centris, our PIA process is efficient, yet compre...
Read this article

Data Mapping for Security and Privacy | Improve Deci...

The safety and security of data (all types and all formats) is now more important than ever, thanks in large part to growing data privacy and cybersecurity regulations that are impacting organizations all throughout the globe. The General Data Pro...
Read this article

Data Governance Plan and Consulting Services | PIA, ...

When performed correctly, a quality data governance assessment provides organizations with an actionable roadmap for designing and implementing a sustainable data governance program that ultimately improves efficiency, promotes transparency, enabl...
Read this article

    Protect Your Digital Systems & Ensure Compliance at All Levels

    From robust security and compliance solutions to risk analysis and corporate strategy - partner with CENTRIS for enterprise resilience.

    Let's talk about your business - Contact CENTRIS Today