Aruba, one of the founding members of the Cispe-Cloud Infrastructure Services Providers in Europe, announced the approval of the Cispe Code of Conduct, the first pan-European code created to standardize cloud regulation, in accordance with the GDPR, with the main objective of enable European citizens and businesses to protect their personal data within the European Economic Area. The approval was confirmed by the European Data Protection Board (Edpb). Aruba recalled that the Cispe code defines best practices and provides concrete guidelines so that cloud providers can raise data protection standards and provide transparency to their customers by clearly establishing the role, responsibilities and boundaries for both provider than for customers. By choosing services declared compliant with the Cispe code, from today users are guaranteed access to reliable cloud infrastructures who adhere to data processing and archiving procedures in full compliance with the GDPR. The Furthermore, the Cispe code offers companies a framework of reference recognized for demonstrating full compliance of their certified cloud services, providing concrete examples of what they and their customers are required to do to protect data under GDPR rules.
“The approval of the Cispe Code for data protection is an important step, both for the industry and for end users, which thanks to transparent rules will protect the rights of European citizens in the digital age “commented Stefano Cecconi, CEO of Aruba and Vice President of Cispe.” We expect – added the manager- a relationship of greater trust towards service providers: the data will be processed and stored in the European Economic Area and the providers will not be able to access customer data for purposes other than the maintenance or provision of the chosen services “.
A milestone also supported by Aruba customers, including Ducati Motor Holding who entrusted Alessandro Iervolino with a comment to Dpo & Ciso: “In the manufacturing and motorsport sectors, we need to collect and process significant amounts of data guaranteeing maximum security in terms of resilience and compliance with the GDPR “.” For this reason – continues Iervolino – it is essential to have complete confidence that even the cloud infrastructure services we rely on are fully compliant. Providers who declare their services compliant with the Cispe code give us an additional layer of assurance that they provide this critical compliance. “
Among the Monitoring Bodies, i.e. the competent control bodies, Paolo Tondi, I&F Italy Sales Manager of Bureau Veritas, confirms in this regard that “the strength of any Code of Conduct lies in the verification of the services that are declared under it”. “As a globally recognized supervisory body, Bureau Veritas is completely independent of the code and companies that declare the services. Therefore, customers can be confident that there are no conflicts of interest and that each service has been fully and extensively verified before receiving the declaration of conformity “he stresses again.