This is a major sign of security and compliance being taken seriously at the cloud infrastructure level. GDPR is a real concern and even a hurdle for the uninitiated circles in information security.
In response to this initiative by Europe’s infrastructure providers to raise levels of trust, reports in Politico’s Tech newsletter, EUObserver, Bloomberg TV, Computer Weekly and IAAP (the largest global information privacy community) to cite just a few, endorsed the importance of the CISPE pledge to protect their costumers data and make sure it will not be reused against their wishes, including, in particular, for the purposes of data mining, profiling or direct marketing. This wide media response matched the extensive coverage of the launch of CISPE in September 2016, when more than 100 media outlets from Le Monde to Politico Pro, La Repubblica, La Informacion highlighted the relevance of the organisation to the sector.
This is a very positive step. I hope that this code will be approved for GDPR purposes, whether by the European Commission or a national data protection supervisory authority, to enable transfers to adhering cloud providers, even if they are outside the EU, as well as to help evidence their compliance generally.
The coverage also underlined how the Code offers concrete responses to the growing questions and needs of customers across Europe anticipating the application of the new European data protection regulation in 2018 and how it clarifies the allocation of responsibility between the customer and Cloud Infrastructure Service providers.“With the publication of its Data Protection Code of Conduct for Cloud Infrastructure Services Providers, CISPE has already made significant progress in this space,” concluded comparethecloud.net.