
Privacy
Cloud Security Alliance Code of Conduct for GDPR Compliance (Updated - September 2020)

How do privacy and security overlap?
In most aspects of the collection, use or processing of personal data, privacy and security functions overlap or coexist to some extent and at times use similar tools. Privacy and security professionals should communicate regularly so that each understands the other's responsibilities, needs, capabilities and limitations, and should keep track of changes to the ecosystem in which their organization uses personal data. They also need to ensure that their efforts complement, rather than conflict with, each other, so that they can enable their organization to meet its objectives in the most efficient and cost-effective manner.

Cloud Service Providers (CSPs) are responsible for determining for themselves the level of protection required for the personal data they process.
Data protection compliance is becoming increasingly risk-based. Data controllers and processors are accountable for determining and implementing in their organisations appropriate levels of protection for the personal data they process. In making that decision, they have to take into account factors such as the state of the art of technology; the costs of implementation; the nature, scope, context and purposes of the processing; and the risk, of varying likelihood and severity, to the rights and freedoms of natural persons. To help address these challenges CSA created the CSA Code of Conduct for GDPR Compliance. It aims to give Cloud Service Providers (CSPs) and cloud consumers a solution for GDPR compliance and to provide transparency guidelines regarding the level of data protection offered by the CSP. The code can be used to submit a self-assessment to the CSA STAR Registry.


Tags: Privacy Level Agreement, Privacy, GDPR, STAR

Participate in Privacy Research

This group monitors the legal and regulatory landscape and performs research in the area of privacy and data protection compliance for cloud computing services on a global scale. The group is currently working to extend the scope of the GDPR Code of Conduct so that it also satisfies the data protection and privacy requirements of other relevant countries and states.

How to Maintain Privacy in the Cloud

CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they have experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.

CSA Code of Conduct for GDPR Compliance

The CSA Code of Conduct is designed to offer both a compliance tool for the GDPR and transparency guidelines regarding the level of data protection offered by the Cloud Service Provider. Whether you are an enterprise Data Protection Officer using cloud services or a Cloud Service Provider, the CSA Code of Conduct for GDPR Compliance provides a consistent and comprehensive framework for complying with the EU's GDPR. The code can be used to submit a self-assessment to the CSA STAR Registry.

Privacy Level Agreement Code of Conduct Translation in 10 Languages

Under an agreement with OneTrust, CSA has translated the Privacy Level Agreement Code of Conduct (GDPR Code of Conduct) v3.1 into 10 languages to make adoption easier for organizations in the corresponding countries. Translations are provided in the following languages: Spanish (ES), German (DE), French (FR), Italian (IT), Japanese (JA), Danish (DA), Dutch (NL), Portuguese (PT), Romanian (RO), and Swedish (SV).

Webinars

Understanding, Completing, and Submitting a CAIQ
October 19 | Online

Evolution of Cloud Security & Privacy Technologies - CxO Perspectives
February 24 | Online

Impact of Digital Transformation on Security Strategy
October 28 | Online

Blog Posts

Being a Good Cyber Citizen in a Digital World
California Privacy Rights Act: What Are the Consequences for Cloud Users?
What Schrems 2 Means for your Privacy Shield Program