Cloud code of practice

by Mark Rowe

The Cloud Industry Forum (CIF) reports that its Code of Practice (Code) is addressing the General Data Protection Regulation’s (GDPR) requirements. According to the trade association, this will ultimately bring clarity to the market and will help Cloud Service Providers (CSPs) who want to establish themselves as GDPR ready and give customers a way to publicly identify trusted cloud suppliers.

The GDPR comes into effect across the European Union including the UK in May 2018 and will bring new roles and responsibilities for data controllers and data processors. The regulations aim to harmonise law across the EU and better protect citizens’ data. However, as it stands, there is uncertainty about the new laws as there are no clear and accredited standards in place that specify what measures CSPs must implement to ensure compliance. Hence the CIF has incorporated key parts of the GDPR into its existing Code.

The CIF describes the Code as a framework that enables CSPs to benchmark their operations against standards developed by the industry, and as a checklist for best practice in the provision of cloud services. It is built on transparency, capability and accountability. These have been reviewed by the Cloud Industry Legal Forum, in light of guidance from the European Commission. The Code is recognised by the European Union Agency for Network & Information Security (ENISA).

The trade body says that CSPs who certify to the code will have the skills and knowledge to ensure their organisation is on the right track for compliance with GDPR. Certified Code resellers are encouraged to update their position to include the GDPR additions.

Alex Hilton, CEO of CIF, said: “The GDPR is a considerable piece of legislation that will leave no space for companies to hide, especially if they don’t take data security seriously. A failure to demonstrate compliance with the GDPR can result in organisations receiving massive punitive fines which, aside from damaging their reputation, could potentially put them out of business. It is therefore vital that these organisations have the appropriate skills and knowledge in place.

“It’s incumbent on CSPs to be able to demonstrate they have the required capabilities. However, in many ways the GDPR is an abstract and non-prescriptive piece of legislation and the absence of a concrete standard makes it difficult for certain companies to be sure that what they have put in place is compliant.”



© 2024 Professional Security Magazine. All rights reserved.
