Cloud code of practice

by Mark Rowe

The Cloud Industry Forum (CIF) reports that its Code of Practice (Code) is addressing the General Data Protection Regulation’s (GDPR) requirements. According to the trade association, this will ultimately bring clarity to the market, help Cloud Service Providers (CSPs) who want to establish themselves as GDPR-ready, and give customers a way to publicly identify trusted cloud suppliers.

The GDPR comes into effect across the European Union, including the UK, in May 2018 and will bring new roles and responsibilities for data controllers and data processors. The regulations aim to harmonise law across the EU and better protect citizens’ data. However, as it stands, there is uncertainty about the new laws, as there are no clear and accredited standards in place that specify what measures CSPs must implement to ensure compliance. Hence the CIF has incorporated key parts of the GDPR into its existing Code.

The CIF describes the Code as a framework that enables CSPs to benchmark their operations against standards developed by the industry, and as a checklist for best practice in the provision of cloud services. It is built on transparency, capability and accountability. These have been reviewed by the Cloud Industry Legal Forum, in light of guidance from the European Commission. The Code is recognised by the European Union Agency for Network & Information Security (ENISA).

The trade body says that CSPs who certify to the Code will have the skills and knowledge to ensure their organisation is on the right track for compliance with GDPR. Certified Code resellers are encouraged to update their position to include the GDPR additions.

Alex Hilton, CEO of CIF, said: “The GDPR is a considerable piece of legislation that will leave no space for companies to hide, especially if they don’t take data security seriously. A failure to demonstrate compliance with the GDPR can result in organisations receiving massive punitive fines which, aside from damaging their reputation, could potentially put them out of business. It is therefore vital that these organisations have the appropriate skills and knowledge in place.

“It’s incumbent on CSPs to be able to demonstrate they have the required capabilities. However, in many ways the GDPR is an abstract and non-prescriptive piece of legislation and the absence of a concrete standard makes it difficult for certain companies to be sure that what they have put in place is compliant.”

Visit: https://www.cloudindustryforum.org/content/code-practice-cloud-service-providers.

© 2024 Professional Security Magazine. All rights reserved.