CIPP/E Study Guide
Ch 17.2.5 - EU Cloud Code

EU Cloud Code of Conduct

The EU Cloud Code was approved by Belgium's DPA in May 2021 after a positive EDPB opinion. It sets requirements for B2B cloud services where the provider acts as a processor, verified by an independent monitoring body, with a public register and a compliance mark. It cannot be used for B2C services, for providers acting as controllers, or (currently) to safeguard international transfers.

EU Cloud Code - scope
Can be used for | Cannot be used for
B2B cloud services where the provider is a PROCESSOR | B2C (consumer) cloud services
Demonstrating GDPR compliance via independent verification | Where the cloud provider acts as a CONTROLLER
Public register + compliance mark | Currently, safeguarding international transfers (a module is being developed)

Selecting a Code-compliant cloud service can help business customers meet their own GDPR obligations, because compliant standard terms must contain all required obligations and providers must have internal processes to fulfil them.

Key terms - quick answers

What is “Monitoring body”?
An independent body that verifies a cloud provider's compliance with the EU Cloud Code.
What is “B2B cloud services”?
Cloud services for business customers - the only scope of the EU Cloud Code (not consumer/B2C services).