Working Group
Privacy Level Agreement
This group monitors the legal and regulatory landscape and performs research in the area of privacy and data protection compliance for cloud computing services at a global scale. Currently the group is working to extend the scope of the GDPR Code of Conduct in order to satisfy the data protection/privacy requirements in other relevant countries/states.
View Current ProjectsCloud Security Alliance Code of Conduct for GDPR Compliance (Updated - September 2020)
In most aspects of the collection, use or processing of personal data, privacy and security functions overlap or coexist to some extent and at times use similar tools. Privacy and security professionals should regularly communicate to ensure that they understand each other’s responsibilities, needs, capabilities, and limitations; and keep track of the changes to the ecosystem in which the personal data is used by their organization. They also need to ensure that their efforts complement, and do not conflict with, each other, so that they can enable their organization to meet its objectives in the most efficient and cost-effective, manner.
Data protection compliance is becoming increasingly risk-based. Data controllers and processors are accountable for determining and implementing in their organisations appropriate levels of protection of the personal data they process. In such a decision, they have to take into account factors such as state of the art of technology; costs of implementation; and the nature, scope, context and purposes of processing; as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. To help address these challenges CSA created the CSA Code of Conduct for GDPR Compliance. It aims to provide Cloud Service Providers (CSPs) and cloud consumers a solution for GDPR compliance and to provide transparency guidelines regarding the level of data protection offered by the CSP. The code can be used to submit a self-assessment to the CSA STAR Registry.
CSA also offers a course that trains lead auditors & consultants in the CSA GDPR Code of Conduct and the CSA GDPR Certification. This training is led by Prof. Dr. Paolo Balboni (Founding Partner of ICT Legal Consulting). You can learn more about this course here
Working Group Leadership
Marina Bregkou
Senior Research Analyst, CSA EMEA
Daniele Catteddu
Chief Technology Officer, CSA
Daniele Catteddu is an information security and risk management practitioner, technologies expert and privacy evangelist with over 15 of experience. He worked in several senior roles both in the private and public sector. He is member of various national and international security expert groups and committees on cyber-security and privacy, keynote speaker at several conferences and author of numerous studies and papers on risk management, ...
Working Group Co-Chairs
Paolo Balboni
Founding Partner of ICT Legal Consulting, President of the European PrivacyAssociation Professor of Privacy, Cybersecurity, and IT Contract Law at theEuropean Centre on Privacy and Cybersecurity (ECPC) within the Maastricht University Faculty of Law.
Paolo Balboni (qualified lawyer admitted to the Milan Bar) is a FoundingPartner of ICT Legal Consulting (ICTLC),a law firm with offices in Milan, Bologna, Rome, an International Desk inAm...
Isabella Oldani
Martim Taborda Barata
Martim is a Partner at ICTLC – an international law firm specializing in information and communication technology, privacy, data protection/security, and intellectual property law – having accumulated over 5 years of practical experience in these areas throughout his career. His primary focus is managing privacy and data protection compliance strategies for multinational clients (including organizations in the courier and mail delivery, fin...
Publications in Review | Open Until |
---|---|
Zero Trust Privacy Assessment and Guidance | Dec 27, 2024 |
Cybersecurity and the Data Lifecycle | Jan 05, 2025 |
AI Controls Matrix | Jan 19, 2025 |
Who can join?
Anyone can join a working group, whether you have years of experience or want to just participate as a fly on the wall.
What is the time commitment?
The time commitment for this group varies depending on the project. You can spend a 15 minutes helping review a publication that's nearly finished or help author a publication from start to finish.
Virtual Meetings
Attend our next meeting. You can just listen in to decide if this group is a good for you or you can choose to actively participate. During these calls we discuss current projects, and well as share ideas for new projects. This is a good way to meet the other members of the group. You can view all research meetings here.
No scheduled meetings for this working group in the next 60 days.
Open Peer Reviews
Peer reviews allow security professionals from around the world to provide feedback on CSA research before it is published.