cloud gdpr

Cloud Industry Unites to Create Global Standard for Transfer of Personal Data following ‘Schrems II’ ruling

The creators of the data protection market standard for cloud, the EU Cloud Code of Conduct (CoC), today announced work is underway on a proposed legal solution for the transfer of personal data outside the EU. Once approved by data protection authorities, the solution could be an alternative to the recently annulled EU-U.S. Privacy Shield, previously relied on by thousands of businesses who now face disruption and uncertainty when transferring EU citizens’ data across the Atlantic.

The EU Data Protection Code of Conduct for Cloud Service Providers (“EU Cloud Code of Conduct”) defines clear requirements for Cloud Service Providers acting as “processors” under the General Data Protection Regulation (GDPR) and is adopted broadly by the cloud market. While the official approval of the current Code by the European Data Protection Board (EDPB), comprised of national Data Protection Authorities (DPAs), is pending, the EU Cloud Code of Conduct General Assembly today announced in a virtual press conference the creation of a new module to the Code for transferring personal data outside of the EU.

The announcement comes only weeks after the recent European Court of Justice’s so-called “Schrems II” ruling which invalidated the data exchange mechanism between the US and the EU (Privacy Shield). The ruling also imposed strict obligations on companies that rely on transfers of personal data to non-EU countries by Standard Contractual Clauses.

The EU Cloud CoC General Assembly invites interested Cloud Service Providers (CSPs) and cloud-users to join the initiative and to contribute to the development of the module, thereby shaping the future legal basis to transfer EU citizen’s personal data to third countries around the world.


The EU Cloud CoC is the only Code covering the full spectrum of cloud services (SaaS, PaaS, IaaS) currently discussed at the European Data Protection Board (EDPB), made up of national Data Protection Authorities (DPAs). The EU Cloud CoC General Assembly consists of world-leading (CSPs) as well as small and medium-sized companies.

SCOPE Europe acts as the independent Monitoring Body of the Code and has already prepared its procedures to effectively monitor adherent Cloud services, applying the same principles and procedures now under the current version of the Code, pending the endorsement of the Code and its official approval by supervisory authorities.

Source: EU Cloud CoC

Share on facebook
Share on linkedin
Share on twitter
Share on pinterest
Share on print
Share on email

Latest Blog Posts

dpa gdpr

Data Protection Authorities (DPA)

Data Protection Authorities (DPA) Data Protection Authorities (DPA) are independent public authorities that supervise, through investigative and corrective powers, the application of the GDPR. They

Read More »

Zpracovává vaše společnost osobní údaje?

Zpracovávat vaše společnost osobní údaje fyzických osob, jako jsou:

  • Údaje zaměstnanců, zákazníků, uchazečů o zaměstnání nebo pacientů včetně:
    • Jméno nebo osobní identifikační číslo
    • Kontaktní údaje (e-mailová adresa, telefonní číslo, adresa)
    • Bankovní údaje, plat, údaje o pasu nebo jiné osobní údaje


Ar Jūsų įmonė renka ir tvarko fizinių asmenų asmens duomenis? 

Asmens duomenys gali būti:

  • Kliento, darbuotojo. paciento, kandidato į darbo vietą ir kt. 
    • Vardas ar asmens  numeris 
    • Kontaktinė informacija (el.pašto adresas, telefono numeris, adresas ir kt)
    • Banko sąskaitos  duomenys, atlyginimo dydis, paso duomenys ar bet kokia kita asmeninė informacija. 

Onko yrityksessäsi enemmän, kuin 250 työntekijää?

Kas teie ettevõte kogub ja töötleb isikuandmeid?

Kas teie ettevõte kogub ja töötleb füüsiliste isikutega seotud andmeid nagu näiteks:

Töötajate, klientide, tööle kandideerijate, patsientide:

  • Nimi, isikukood
  • E-posti aadress, telefoninumber, kodune aadress
  • Pangakontonumber, palgasumma, krediitkaardiandmed või mõnda muut tüüpi isiklikud andmed

Does your company collect any personal data?

Does your company collect and process any personal data of natural persons such as:

  • Employees, Customers, Job Applicants or Patients including:
    • Name or personal ID number
    • Contact details (Email address, Phone number, Address)
    • Bank details, Salary amounts, Passport details or any other personal data