European Union: French DPA submits CISPE Code of Conduct for IaaS

French DPA submits CISPE Code of Conduct for IaaS

The Cloud Infrastructure Service Provider Europe (CISPE) Code of Conduct submitted by the French Data Protection Authority for approval addresses cloud infrastructure service providers and is specifically applicable for IaaS cloud offerings. The sector-specific Code of Conduct has pan-European effect and invokes various requirements for IaaS in order for them to be compliant with the GDPR. The code consists of remarks concerning scope definitions, data protection requirements, transparency duties, adherence, and governance obligations.

Original source

Scope

Policy Area

Data governance

Policy Instrument

Data protection regulation

Regulated Economic Activity

infrastructure provider: cloud computing, storage and databases, infrastructure provider: cloud computing, storage and databases

Implementation Level

supranational

Government Branch

executive

Government Body

data protection authority

Complete timeline of this policy change

Hide details

2021-02-25

under deliberation

The Cloud Infrastructure Service Provider Europe (CISPE) Code of Conduct submitted by the French Da…

2021-05-20

adopted

The European Data Protection Board (EDPB) the Code of Conduct for IaaS as submitted by the industry…

2021-06-03

adopted

The Commission Nationale de l’Informatique et des Libertés (CNIL) approves the Code of Conduct for …

Description

French DPA submits CISPE Code of Conduct for IaaS

Scope

Complete timeline of this policy change