Share this post:
By Cristina Cabella, Chief Privacy Officer, IBM and William Tworek, Director of Security & Privacy, IBM SaaS
As part of IBM’s robust and enduring commitment to protecting our clients’ data, we have just signed up another 24 of our services to the EU Data Protection Code of Conduct for Cloud Services (The EU Cloud Code of Conduct). Customers can now be further assured that those additional Software as a Service (SaaS) offerings – as well as other services we’ve already signed-up to the Code – go far beyond regulatory compliance for data privacy and security. We are delighted to be the first company to offer our customers this transparent, independent endorsement across such a large portfolio of services covering not just infrastructure but also software and platform cloud services.
Cristina Cabella, IBM’s Chief Privacy Officer
Having our services adhere to The EU Cloud Code of Conduct is crucial as we and our clients approach the May 2018 implementation deadline for the EU’s General Data Protection Regulation (GDPR). Signing up to the Code, which includes elements of the new regulation, means we are well placed to help clients become ‘GDPR ready.’ This is because complying with The Code entails introducing GDPR-specific measures to our services before the May 2018 deadline. What GDPR laws will look like at a national level is not yet 100% clear so while no company can currently claim full compliance with GDPR – either at an EU or at a Member State level – by signing up to The EU Cloud Code of Conduct we send a strong signal of IBM’s current GDPR readiness.
This code of conduct is unique in that it is the only cloud code which the European Commission has been involved in developing. On top of the European Commission’s active role, the thorough process to develop The Code also involved the
William Tworek, Director of Security & Privacy for IBM SaaS Offerings
EU’s Article 29 Working Party, representing national Data Protection Authorities. The EU Cloud Code of Conduct is also the only code that addresses the full range of cloud services, reflecting the comprehensive nature of GDPR and covering data processors and controllers.
It is crucial that the EU Cloud Code of Conduct is both independent and transparent. Certifications are governed by SCOPE Europe, an independent code monitoring body. SCOPE Europe will assess new signings to the Code and continue to monitor them for adherence. Furthermore, rather than being buried in bilateral contracts, The EU Cloud Code of Conduct is fully transparent and accessible on-line to all who wish to examine it or use it.
The 24 services signed up this week join IBM’s SoftLayer and Bluemix Infrastructure services which were signed up to The EU Cloud Code of Conduct shortly after its launch earlier this year, and we look forward to continuing to sign up additional services in the near future. The EU Cloud Code of Conduct applies to services that use IBM’s standard terms and conditions.
Anita Kelly (for IBM)