
Cloud forum beefs up practice code to help get service providers GDPR-ready

David Bicknell Published 20 July 2017

CIF code enhanced to address General Data Protection Regulation’s requirements


The Cloud Industry Forum, which represents cloud service and infrastructure providers, has now announced enhancements to its code of practice to address the General Data Protection Regulation’s (GDPR) requirements.

It hopes it will enable cloud service providers (CSPs) to establish themselves as GDPR ready and give their customers a clearer path to publicly identify trusted cloud suppliers amid uncertainty over GDPR’s requirements.

The GDPR comes into effect in May 2018, bringing with it new roles and responsibilities for data controllers and data processors. The regulations are intended to harmonise legislation across the EU and better protect citizens’ data.

However, CIF says, as it stands, there is uncertainty about the new laws as there are no clear and accredited standards in place that specify what measures CSPs must implement to ensure compliance. CIF says it has therefore incorporated key components of the GDPR into its existing Code framework to help organisations navigate and comply with the terms of the regulations.

CIF says its code provides a comprehensive framework that enables CSPs to benchmark their operations against standards developed by the industry and offers a checklist for best practice in the provision of cloud services based on three pillars of transparency, capability and accountability.

CSPs who certify to the code, CIF says, will have the skills and knowledge to ensure their organisation is on the right track for compliance with GDPR. Additionally, existing certified Code resellers will be encouraged to update their position to include the GDPR additions.

Alex Hilton, CIF’s chief executive, said, “The GDPR is a considerable piece of legislation that will leave no space for companies to hide, especially if they don’t take data security seriously. A failure to demonstrate compliance with the GDPR can result in organisations receiving massive punitive fines which, aside from damaging their reputation, could potentially put them out of business. It is therefore vital that these organisations have the appropriate skills and knowledge in place.”

He added, “It’s incumbent on CSPs to be able to demonstrate they have the required capabilities. However, in many ways the GDPR is an abstract and non-prescriptive piece of legislation and the absence of a concrete standard makes it difficult for certain companies to be sure that what they have put in place is compliant.”

“This is exactly why we have enhanced our Code of Practice. The updated certification will help guide companies on their path to compliance with the GDPR. CIF’s Code aims to bring greater transparency and trust when doing business in the cloud, and these attributes are key determining factors for the success of any CSP who wants to prosper now and once the GDPR comes into full effect. Due to the updates that have been implemented, we believe that everyone will be able to gain the support they need and that confidence will be instilled in clients and customers. But ultimately, this will help create a better and safer cloud for all.”

Frank Jennings, lawyer and chair of the Code of Practice governance board, added, “Cloud providers (and their customers) could face fines of up to €20m for data breaches under GDPR and Brexit won’t change that. Compliance with the updated Code should help compliance with GDPR and will reduce the likelihood of receiving such a fine.”

“The GDPR will force customers to go back to their service providers to verify they are ready to deliver on their commitments under the new regulation. Similarly, customers selecting a new provider will include GDPR in their due diligence. For service providers GDPR is a mission critical event for the retention of existing customers and winning new customers and the CIF Code is there to provide assurance to customers,” added CIF deputy chair Frank Bennett.
