Belgian DPA Approves First EU Data Protection Code of Conduct for Cloud Service Providers
Monday, May 24, 2021
EU GDPR Cloud Serv. Providers
Print Mail Download i

On May 20, 2021, the Belgian Data Protection Authority (“Belgian DPA”), as the lead authority (in collaboration with two co-reviewing authorities), announced that it had approved the EU Data Protection Code of Conduct for Cloud Service Providers (the “EU Cloud CoC”). The EU Cloud CoC is the first transnational EU code of conduct since the entry into force of the EU General Data Protection Regulation (the “GDPR”).

Pursuant to Recital 81 and Article 28 (5) of the GDPR, adherence of a processor to an approved code of conduct may be used as an element by which to demonstrate the sufficient guarantees referred to in Article 28 (1) and 28 (5) of the GDPR.

The EU Cloud CoC aims at creating a baseline for implementation of GDPR for all the service types of the cloud market. Its purpose is to offer cloud service providers with practical guidance and a set of specific binding requirements (such as requirements regarding the use of sub-processors, audits, compliance with data subject rights requests, transparency, etc.), as well as objectives to help cloud service providers demonstrate compliance with Article 28 of the GDPR. A set of controls also will help assess compliance with the requirements of the EU Cloud CoC. Importantly, the EU Cloud CoC only applies to cloud service providers acting as processors and does not permit international transfers of personal data pursuant to Article 46.2(e) of the GDPR.

Under the GDPR, a code of conduct that involves processing activities must be monitored by an accredited monitoring body. Accordingly, the Belgian DPA also accredited Scope Europe as the monitoring body for the EU Cloud CoC. The EU Cloud CoC will be responsible for checking conformity of the adhering cloud service providers at least annually and on an ad-hoc basis if significant changes occur or in reaction to a complaint.

As part of the approval process, the European Protection Board provided a favorable opinion regarding the EU Cloud CoC.

Read the Belgian DPA approval decision regarding EU Cloud CoC, the accreditation decision regarding Scope Europe and the Belgian DPA press release.

Copyright © 2024, Hunton Andrews Kurth LLP. All Rights Reserved.

Current Legal Analysis

More from Hunton Andrews Kurth

Senators Introduce Stablecoin Bill
by: Scott H. Kimpel
FTC Poised to Finalize Noncompete Rule
by: Katherine Pauly , Kevin Hahm
EDPB Issues Opinion on Pay-Or-Consent Models
by: Hunton Andrews Kurth’s Privacy and Cybersecurity
Supreme Court Rules that MD&A Omission Does Not Give Rise to a Claim for Securities Fraud
by: Scott H. Kimpel , James V. Davidson
UK ICO Launches Latest Installment in the AI Consultation Series
by: Hunton Andrews Kurth’s Privacy and Cybersecurity
SCOTUS Decides That A Position Transfer May Violate Title VII If An Employee is Worse Off Due to Discriminatory Reasons
by: Emily Burkhardt Vicente , Steven J. DiBeneditto Jr.
IRS Issues New Favorable Pipeline Ruling for REITs
by: George C. Howell, III , Thomas W. Ford, Jr.
Treasury Proposes Stronger CFIUS Monitoring and Enforcement Rules
by: Sevren R. Gourley , Eric R. Markus
SAFETY Act Series, Part 1: The SAFETY Act Is Powerful Protection Against Emerging Liabilities
by: Lorelie S. Masters , Kevin W. Jones
The Hunton Policyholder’s Guide to Artificial Intelligence: Artificial Intelligence-Related Securities Exposures Underscore the Importance of Thorough AI Insurance Audits
by: Michael S. Levine , Geoffrey B. Fehling

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins