IBM Declares Software and Platform Cloud Services Adherence to the EU Data Protection Code of Conduct

Share this post:

By Cristina Cabella, Chief Privacy Officer, IBM and William Tworek, Director of Security & Privacy, IBM SaaS 

As part of IBM’s robust and enduring commitment to protecting our clients’ data, we have just signed up another 24 of our services to the EU Data Protection Code of Conduct for Cloud Services (The EU Cloud Code of Conduct). Customers can now be further assured that those additional Software as a Service (SaaS) offerings – as well as other services we’ve already signed-up to the Code –  go far beyond regulatory compliance for data privacy and security.   We are delighted to be the first company to offer our customers this transparent, independent endorsement across such a large portfolio of services covering not just infrastructure but also software and platform cloud services.

cristina cabella

Cristina Cabella, IBM’s Chief Privacy Officer

Having our services adhere to The EU Cloud Code of Conduct is crucial as we and our clients approach the May 2018 implementation deadline for the EU’s General Data Protection Regulation (GDPR). Signing up to the Code, which includes elements of the new regulation, means we are well placed to help clients become ‘GDPR ready.’ This is because complying with The Code entails introducing GDPR-specific measures to our services before the May 2018 deadline. What GDPR laws will look like at a national level is not yet 100% clear so while no company can currently claim full compliance with GDPR – either at an EU or at a Member State level – by signing up to The EU Cloud Code of Conduct we send a strong signal of IBM’s current GDPR readiness.

This code of conduct is unique in that it is the only cloud code which the European Commission has been involved in developing. On top of the European Commission’s active role, the thorough process to develop The Code also involved the

IBM's William Tworek

William Tworek, Director of Security & Privacy for IBM SaaS Offerings

EU’s Article 29 Working Party, representing national Data Protection Authorities.  The EU Cloud Code of Conduct is also the only code that addresses the full range of cloud services, reflecting the comprehensive nature of GDPR and covering data processors and controllers.

It is crucial that the EU Cloud Code of Conduct is both independent and transparent. Certifications are governed by SCOPE Europe, an independent code monitoring body. SCOPE Europe will assess new signings to the Code and continue to monitor them for adherence. Furthermore, rather than being buried in bilateral contracts, The EU Cloud Code of Conduct is fully transparent and accessible on-line to all who wish to examine it or use it.

The 24 services signed up this week join IBM’s SoftLayer and Bluemix Infrastructure services which were signed up to The EU Cloud Code of Conduct shortly after its launch earlier this year, and we look forward to continuing to sign up additional services in the near future. The EU Cloud Code of Conduct applies to services that use IBM’s standard terms and conditions.


Media Contact:
Anita Kelly (for IBM)

More Uncategorized Stories

IBM Statement on the European Parliament’s “EU Digital Trade Strategy” Report

IBM applauds the push by the European Parliament for Digital Trade and data flows to be prioritized in the EU's broader trade strategy moving forward.

Continue reading

Healthcare Evolution in the Digital Single Market

IBM VP of European Government and Regulatory Affairs lays out how the EU's digital single market can advance the evolution of healthcare.

Continue reading

Apprenticeships at IBM: From Teacher to Student

Throughout his high school career and the jobs that followed, Brandon Whittington has always had an interest in technology. Then one day he took a job at a local elementary school. The job was unique in that he was responsible not only for maintaining and repairing the school’s network of computers, but also for teaching […]

Continue reading