Cloud Industry Forum updates code of practice for GDPR

The Cloud Industry Forum (CIF) has updated its Code of Practice to address the General Data Protection Regulation’s (GDPR) requirements to “bring clarity to the market”.

The update will help cloud service providers who want to establish themselves as “GDPR-ready”, and give customers a “clear path to publicly identify trusted cloud suppliers”, said CIF.

The GDPR comes into effect in May 2018 and will bring new roles and responsibilities for data controllers and data processors. The regulations aim to harmonise legislation across the EU and better protect citizens’ data. CIF has incorporated key components of the GDPR into its existing Code framework to help organisations navigate and comply with the terms of the regulations. The Code is recognised by the European Union Agency for Network & Information Security (ENISA).

CSPs who certify to the Code will have the skills and knowledge to ensure their organisation is on the right track for compliance with GDPR, CIF said. Additionally, existing certified Code resellers are being encouraged to update their position to include the GDPR additions. Alex Hilton, CEO of CIF, said: “A failure to demonstrate compliance with the GDPR can result in organisations receiving massive punitive fines which, aside from damaging their reputation, could potentially put them out of business. It’s incumbent on CSPs to be able to demonstrate they have the required capabilities.”