The CISPE, a newly formed organization founded by more than 20 cloud infrastructure providers operating in Europe with a commitment to maintaining the highest levels of data protection, announces the launch of its data protection Code of Conduct requiring cloud IaaS provider members to provide specific assurances on the protection of data stored in European data centers.
The launch of the CISPE Code of Conduct was made at a round table conference held in Brussels with the attendance of industry key players, policy makers and hosted by MEP Eva Paunova, Member of the Committee on the Internal Market and Consumer Protection.
Under the CISPE Code of Conduct, cloud infrastructure providers cannot data mine or profile customers’ personal data for marketing, advertising or similar activities, for their own purposes or for the resale to third parties.
The Code precedes the application of the new European Union (EU) General Data Protection Regulation (GDPR). It aligns with the requirements set out in this new regulation aiming mainly at giving citizens back the control of their personal data, and simplifying the regulatory environment for international business by unifying the regulation within the EU.
The new Code of Conduct has been constructed in such a way that it will be aligned with the EU General Data Protection Regulation (GDPR) when it comes into force in May 2018 and it builds on internationally recognised security standards that enhance data security processing for all cloud customers and for their users.
It makes it simpler for customers to assess whether Cloud Infrastructure Services are suitable for the processing of personal data that they wish to perform, and those that are suitable are identified by a clear Trust Mark.
This Trust Mark can be used by cloud infrastructure providers to show customers they are compliant, and compliant organisations will also be listed on the CISPE website.
Under the CISPE Code of conduct, cloud customers will receive the assurance that providers of cloud infrastructure services do not process their personal data, for their own benefit or for the resale to third parties, such as for the mining of personal data, profiling of data subjects, marketing or similar actions.
“It was a natural decision, we saw an opportunity in this Code of Conduct,” said Stefano Cecconi, Founder and CEO of Aruba Spa “for our customers this data protection standard is already in place as Italian legislation on this subject is quite similar to what has been stated in the Code of Conduct and offers the same guarantees. The great advantage starting from this decision, is that the same rules will be applied to all European countries and everyone will have the same obligations; so I welcome the CISPE Code of Conduct as this will avoid any doubts about what customers can expect from their cloud providers“.
Regarding Aruba Cloud, Stefano Cecconi adds “we give our customers the possibility to choose in which Country they want their data to be processed, but we keep the data strictly within the EU, protecting confidentiality through high data protection standards”.
For additional details check the Official Press Release on http://cispe.cloud