I’m announcing that Azure has achieved adherence to the EU Cloud Code of Conduct (EU Cloud CoC), developed for cloud providers to align with the EU’s General Data Protection Regulation (GDPR). The EU Cloud CoC is the first GDPR code of conduct that has received the European Data Protection Board (EDPB) positive opinion, which was followed by final approval led by the Belgian Data Protection Authority. The EU Cloud CoC also marks the 100th compliance offering forAzure, more than any other cloud provider, providing customers a high level of assurance through controls, evidence, and verification.
The EU Cloud CoC serves as a basis for implementing the requirements of Article 28 of the GDPR for cloud providers acting as business-to-business processors under the GDPR. Because the EU Cloud CoC is approved by the EDPB, Azure customers can use Azure’s adherence to helpdemonstrate their own GDPR compliance, as well as cite it as a risk mitigator in a GDPR Data Protection Impact Assessment (DPIA). Article 40 of the GDPR specifically encourages the creation of codes of conduct, so as “to contribute to the proper application of the regulation.” SCOPE Europe acts as the independent monitoring body of the EU Cloud CoC.