Who it's for:
- Cloud service providers that wish to demonstrate compliance with the GDPR and CCPA
- Cloud customers that need to evaluate the level of compliance offered by CSPs
CSA Code of Conduct Gap Resolution and Annex 10 to the CSA Code of Conduct for GDPR Compliance
Release Date: 06/21/2023
Working Group: Privacy Level Agreement
This bundle from the CSA Privacy Level Agreement Working Group includes:
- CSA Code of Conduct Gap Resolution spreadsheet
- Annex 10 to the CSA Code of Conduct for GDPR Compliance report
These documents are the result of a mapping exercise conducted between the California Consumer Privacy Act (CCPA), the EU’s General Data Protection Regulation (GDPR), and CSA’s Code of Conduct for GDPR Compliance (CoC). This mapping exercise singled out some CCPA provisions that were not fully covered by the CoC, which may create obligations for cloud service providers hoping to achieve CCPA compliance.
Together, the CoC Gap Resolution and Annex 10 to the CoC set out additional controls that allow cloud service providers to leverage the CoC as a means to achieve and demonstrate CCPA compliance. Furthermore, in line with the overall goals of the CoC, Annex 10 allows cloud customers to assess cloud service providers’ level of compliance with both the GDPR and the CCPA, allowing them to make informed engagement decisions.