The GDPR has a new friend—the Cloud Code of Conduct, or Cloud CoC. While this set of regulations has been in the works for a while now, it has been making headlines recently as the EU prepares to permanently adopt it.

The Cloud Code of Conduct will not require most businesses to rethink their approach to data privacy and customer rights like the GDPR did. However, it does impact certain services and systems companies may use. If you have customers in Europe, it pays to know more about the CoC and how you should prepare for its eventual adoption.

What is the Cloud Code of Conduct?

The Cloud Code of Conduct is a legal framework designed to help European customers find cloud service providers in full compliance with the GDPR. Providers can sign up voluntarily for certification. SCOPE Europe , an independent monitoring body designed to administer the CoC, will screen any service providers that want approval.

The Code of Conduct covers software-as-a-service (SaaS), infrastructure (IaaS), and platform (PaaS) service providers and invites companies of all sizes to join. After SCOPE Europe has approved a company’s procedures, they receive official membership and can promote themselves as compliant with the CoC.

The purpose of the Code is twofold. First, and more obviously, the Code of Conduct exists to help customers choose a company they can trust with their personal data. Any business that receives approval has to pass rigorous tests. Second, the Code of Conduct gives business owners a streamlined way to know if they’re fully in compliance with the GDPR. This allows them to correct any mistakes and promote themselves as a trustworthy company once they earn membership.

How the Cloud CoC Affects Businesses

Functionally, the Cloud Code of Conduct adds nothing new to the GDPR. It simply consolidates many differing regulations into a more compact set of guidelines. Even though you don’t have to rewrite your privacy policy to accommodate the CoC, you still need to be aware of what those guidelines are and whether or not your company falls short. Your European customers expect you to handle their data properly, after all!

Even though the CoC has not been formally adopted by the entire EU yet, don’t delay your own investigation. All cloud services providers should follow the necessary steps to get the certification. Not only will your European customers appreciate the added security, but the EU government will also recognize you as a trustworthy company. Both can improve your reputation and decrease the likelihood of GDPR-related lawsuits.

Approval Under the Cloud Code of Conduct

Any company seeking CoC approval must follow these steps:

1. Declare their services adherent using this form on the official CoC website.
2. Submit to an initial assessment by SCOPE Europe. The company will be required to provide documentation, service agreements, and any other requested documents outlining their compliance.
3. Pass recurring compliance checks at least once per year.
4. Pass “ad hoc” compliance checks triggered by events such as an updated service policy, an influx of customer complaints, or poor publicity. SCOPE Europe will request documentation as necessary to ensure ongoing compliance.

At 4Thought Marketing, we welcome this new level of accountability and believe it will bring a great deal of credibility to cloud service providers everywhere. We are currently in the process of seeking approval under the CoC and will announce when we achieve it.

Keeping Up with the GDPR

Privacy laws present a bit of a moving target to many companies. Even a simple change like the Cloud Code of Conduct gives businesses more hoops to jump through. Keeping track of all the privacy laws you’re subject to is a full-time job on its own, and there’s always the potential for mistakes if you handle it all on your own.

The good news is, you don’t have to! Our top-notch privacy compliance software, 4Comply, was designed to keep track of evolving privacy laws for you and automatically keep you in the clear. Get in touch with us today for a demo.

---