EU Cloud Code of Conduct
(CoC) was designed to contribute to an environment of trust
and transparency in the European cloud computing market and
to simplify the risk assessment process of Cloud Service
Providers (CSPs) for cloud customers.
The CoC was developed by
an independent third party association, in collaboration
with several industry players.
Adherence to an approved code of conduct, as
described in GDPR Article 40, can be used to help
demonstrate that sufficient guarantees have been made to
implement appropriate technical and organizational measures
as a data processor under the GDPR.
The CoC was approved by the Belgian Data Protection
Authority on May 20, 2021, based on a positive opinion by
the European Data Protection Board. Prior to official
endorsement by supervisory authorities, Scope Europe enabled
CSPs to demonstrate their adherence to the EU CoC under
provisional assessment procedures.
Google Cloud Platform
have demonstrated their adherence to the CoC at the second
level of compliance, which means that these services commit
to implementing data protection and security policies that
align to the GDPR as determined by Scope Europe. To
demonstrate compliance, Google Cloud performed an internal
audit of over 80 CoC requirements and leveraged our existing
independent third-party certificates and audits, such as