Cloud 101CircleEventsBlog
Get 50% off the Cloud Infrastructure Security training bundle with code 'unlock50advantage'
Something went wrong fetching the event listings.
×

Working Group

Privacy Level Agreement

This group monitors the legal and regulatory landscape and performs research in the area of privacy and data protection compliance for cloud computing services at a global scale. Currently the group is working to extend the scope of the GDPR Code of Conduct in order to satisfy the data protection/privacy requirements in other relevant countries/states.
View Current Projects
Cloud Security Alliance Code of Conduct for GDPR Compliance (Updated - September 2020)
Cloud Security Alliance Code of Conduct for GDPR Compliance (Updated - September 2020)

Download

Privacy Level Agreement
How do privacy and security overlap?
In most aspects of the collection, use or processing of personal data, privacy and security functions overlap or coexist to some extent and at times use similar tools. Privacy and security professionals should regularly communicate to ensure that they understand each other’s responsibilities, needs, capabilities, and limitations; and keep track of the changes to the ecosystem in which the personal data is used by their organization. They also need to ensure that their efforts complement, and do not conflict with, each other, so that they can enable their organization to meet its objectives in the most efficient and cost-effective, manner.

Cloud Service Providers (CSPs) will be responsible for self-determining the level of protection required for the personal data they process.
Data protection compliance is becoming increasingly risk-based. Data controllers and processors are accountable for determining and implementing in their organisations appropriate levels of protection of the personal data they process. In such a decision, they have to take into account factors such as state of the art of technology; costs of implementation; and the nature, scope, context and purposes of processing; as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. To help address these challenges CSA created the CSA Code of Conduct for GDPR Compliance. It aims to provide Cloud Service Providers (CSPs) and cloud consumers a solution for GDPR compliance and to provide transparency guidelines regarding the level of data protection offered by the CSP. The code can be used to submit a self-assessment to the CSA STAR Registry.

Related training available through CSA.
CSA also offers a course that trains lead auditors & consultants in the CSA GDPR Code of Conduct and the CSA GDPR Certification. This training is led by Prof. Dr. Paolo Balboni (Founding Partner of ICT Legal Consulting). You can learn more about this course here 

Working Group Leadership

Marina Bregkou
Marina Bregkou

Marina Bregkou

Senior Research Analyst, CSA EMEA

Daniele Catteddu
Daniele Catteddu

Daniele Catteddu

Chief Technology Officer, CSA

Daniele Catteddu is an information security and risk management practitioner, technologies expert and privacy evangelist with over 15 of experience. He worked in several senior roles both in the private and public sector. He is member of various national and international security expert groups and committees on cyber-security and privacy, keynote speaker at several conferences and author of numerous studies and papers on risk management, ...

Read more

Working Group Co-Chairs

Paolo Balboni
Paolo Balboni

Paolo Balboni

Founding Partner of ICT Legal Consulting, President of the European PrivacyAssociation Professor of Privacy, Cybersecurity, and IT Contract Law at theEuropean Centre on Privacy and Cybersecurity (ECPC) within the Maastricht University Faculty of Law.

Paolo Balboni (qualified lawyer admitted to the Milan Bar) is a FoundingPartner of ICT Legal Consulting (ICTLC),a law firm with offices in Milan, Bologna, Rome, an International Desk inAm...

Read more

Isabella Oldani Headshot Missing
Isabella Oldani

Isabella Oldani

Martim Taborda Barata
Martim Taborda Barata

Martim Taborda Barata

Martim is a Partner at ICTLC – an international law firm specializing in information and communication technology, privacy, data protection/security, and intellectual property law – having accumulated over 5 years of practical experience in these areas throughout his career. His primary focus is managing privacy and data protection compliance strategies for multinational clients (including organizations in the courier and mail delivery, fin...

Read more

Publications in ReviewOpen Until
Zero Trust Privacy Assessment and GuidanceDec 27, 2024
Cybersecurity and the Data LifecycleJan 05, 2025
AI Controls MatrixJan 19, 2025
View all
Who can join?

Anyone can join a working group, whether you have years of experience or want to just participate as a fly on the wall.

What is the time commitment?

The time commitment for this group varies depending on the project. You can spend a 15 minutes helping review a publication that's nearly finished or help author a publication from start to finish.

Virtual Meetings

Attend our next meeting. You can just listen in to decide if this group is a good for you or you can choose to actively participate. During these calls we discuss current projects, and well as share ideas for new projects. This is a good way to meet the other members of the group. You can view all research meetings here.

No scheduled meetings for this working group in the next 60 days.

See Full Calendar for this Working Group

Open Peer Reviews

Peer reviews allow security professionals from around the world to provide feedback on CSA research before it is published.

Learn how to participate in a peer review here.

Zero Trust Privacy Assessment and Guidance

Open Until: 12/27/2024

The objective of this paper is to provide guidance for using zero trust in privacy implementation. This document highlights...

Cybersecurity and the Data Lifecycle

Open Until: 01/05/2025

The data lifecycle refers to the comprehensive process that data undergoes, from its creation to eventual disposal. Underst...

AI Controls Matrix

Open Until: 01/19/2025

The CSA AI Controls Matrix is a framework of control objectives to support organizations in their secure and responsible de...