Legislative development and self-regulation

General Data Protection Regulation (GDPR)

The rights and freedom of European citizens in relation to their personal data are increasingly coming under the spotlight of the European Commission. On 25 May 2018 the General Data Protection Regulation (GDPR) came into force throughout the European Union. This regulation focuses on citizen’s rights’ to data portability, data erasure, data access and transparency in relation to the processing of their information as well as the right to be notified promptly of any data breaches.

CISPE code of conduct

Aruba is one of the founding members of CISPE (Cloud Infrastructure Services Providers in Europe), a coalition of European Cloud service providers with the aim of ensuring data protection and GDPR compliance.

The CISPE Code of Conduct comprises a set of quality standards for customer protection, that Cloud providers can use to certify their solutions.

For more details, go to https://codeofconduct.cloud

How data is managed at Aruba

Data stored, backed up and saved in the EU

All of Aruba's servers are in clusters, and storage is backed up for maximum reliability. You can choose to activate the structure in more than one data center to guarantee Business Continuity and Disaster Recovery and ensure security, redundancy and efficiency.

Customers can choose from a European network that includes three data centers in Italy, one in the Czech Republic, one in France, one in Germany, one in the UK and one in Poland. This allows you to find the perfect location to develop your IT projects and satisfy any specific geographical requirements. Our customers in fact choose the region or regions in which their data is stored.

Customers can make a copy or a backup of the content in more than one region. The original content will not be transferred outside of the selected region, unless specifically requested or in accordance with applicable regulations.

Security in Aruba's Cloud environment

Certified standards

Aruba is the first Italian Cloud provider to be awarded the Bureau Veritas declaration of conformity with the CISPE Code, the GDRP code of conduct designed for Cloud infrastructure.

Aruba has also been awarded a number of certificates confirming its compliance with solid security standards, including ISO 27001 (with extension to guidelines 27017, 27018 and 27035), ISAE 3402 Type II Report and ANSI/TIA-942 Certification.

Shared liability

For the Cloud, Aruba has adopted a model of shared liability, according to which Aruba is responsible for the security of the Cloud infrastructure (Cloud security), and customers are responsible for the security of their data and applications (Security in the Cloud).

Reliable and efficient data centers

Aruba's Data Centers have been designed to guarantee maximum reliability: redundancy of all sources of energy and cooling systems, maximum security of the facilities, redundancy of network connections and a highly-experienced team of experts.

To find out more about Aruba's infrastructures, please visit our website https://www.datacenter.it/en

Cloud experts

Aruba has a number of different solutions architect teams, account managers, consultants, trainers and staff in the European Union who have been trained on Cloud compliance and security and are available to help Aruba customers with a series of best security practices for the Cloud.


CISPE is a coalition of technology companies focusing on providing Cloud Computing infrastructure services throughout Europe. With offices in 11 European countries (Bulgaria, France, Germany, Spain, Finland, Italy, the Netherlands, Norway, Poland, Switzerland and the United Kingdom) and operating in more than 15 countries, the following Cloud Computing infrastructure service providers have agreed to the CISPE code of conduct: Arsys, Art of Automation, Aruba, BIT, Daticum, Dominion, Fasthosts, FjordIT, Gigas, Hetzner Online, Home, Host Europe Group, IDS, Ikoula, LeaseWeb, Lomaco, Outscale, OVH, Seeweb, Solidhost, UpCloud, VTX, XXL Webhosting, 1&1 Internet.

“Cloud Infrastructure Services Providers in Europe (CISPE)”, a recently formed coalition of more than 20 Cloud infrastructure providers in Europe, including Aruba, has produced the first code of conduct for data protection, which allows customers of Cloud infrastructure providers to process and save data exclusively within the EU/EEA. According to the CISPE Code of Conduct, Cloud infrastructure providers cannot carry out ‘data mining’ or trace a customer data profile for the purposes of marketing, advertising or similar activities, for personal use or to sell to third parties. The CISPE Code precedes the application of the European Union's new General Data Protection Regulation (GDPR). It fits in with the requirements stipulated by the new regulation, with the main goal of giving citizens back control of their own personal data, and simplifying the legislative context for international commerce by unifying the regulations within the EU. CISPE brings together Cloud infrastructure providers of various kinds operating in more than 15 countries.

The CISPE Code of Conduct helps customers decide whether the Cloud infrastructure services are suitable for the processing of personal data that they wish to carry out, and those considered suitable will be identified by a Trust Mark, as explained in detail here. This mark can be used by Cloud infrastructure providers to show customers that they comply with the relevant requirements, and the approved organizations will be listed on the CISPE website. According to the CISPE Code of Conduct, Cloud infrastructure customers will have the guarantee that Cloud infrastructure providers will not process their personal data for their own benefit or to sell to third parties, such as for example to extract personal data, profiling individuals, marketing or similar activities. As well as this, providers certified by the CISPE Code of Conduct must offer their customers the option to process and save data exclusively within the EU or EEA. This means that the customers of providers in this sector or software who obtain these Cloud infrastructure services can check where their own data is physically processed and saved, in the knowledge that their provider will not reuse or resell that data.