December 4, 2021

Volume XI, Number 338

Belgian DPA Approves First EU Data Protection Code of Conduct for Cloud Service Providers

On May 20, 2021, the Belgian Data Protection Authority (“Belgian DPA”), as the lead authority (in collaboration with two co-reviewing authorities), announced that it had approved the EU Data Protection Code of Conduct for Cloud Service Providers (the “EU Cloud CoC”). The EU Cloud CoC is the first transnational EU code of conduct since the entry into force of the EU General Data Protection Regulation (the “GDPR”).

Pursuant to Recital 81 and Article 28 (5) of the GDPR, adherence of a processor to an approved code of conduct may be used as an element by which to demonstrate the sufficient guarantees referred to in Article 28 (1) and 28 (5) of the GDPR.

The EU Cloud CoC aims to create a baseline for implementation of the GDPR for all service types in the cloud market. Its purpose is to offer cloud service providers practical guidance and a set of specific binding requirements (such as requirements regarding the use of sub-processors, audits, compliance with data subject rights requests, transparency, etc.), as well as objectives to help cloud service providers demonstrate compliance with Article 28 of the GDPR. A set of controls also will help assess compliance with the requirements of the EU Cloud CoC. Importantly, the EU Cloud CoC only applies to cloud service providers acting as processors and does not permit international transfers of personal data pursuant to Article 46.2(e) of the GDPR.

Under the GDPR, a code of conduct that involves processing activities must be monitored by an accredited monitoring body. Accordingly, the Belgian DPA also accredited Scope Europe as the monitoring body for the EU Cloud CoC. The EU Cloud CoC will be responsible for checking conformity of the adhering cloud service providers at least annually and on an ad-hoc basis if significant changes occur or in reaction to a complaint.

As part of the approval process, the European Protection Board provided a favorable opinion regarding the EU Cloud CoC.

Read the Belgian DPA approval decision regarding EU Cloud CoC, the accreditation decision regarding Scope Europe and the Belgian DPA press release.

Copyright © 2021, Hunton Andrews Kurth LLP. All Rights Reserved. National Law Review, Volume XI, Number 144

About this Author

In today’s digital economy, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information about their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of personal information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today’s economy.

Hunton Andrews Kurth LLP’s privacy and cybersecurity practice helps companies manage data and...
