I’m saying that Azure has achieved adherence to the EU Cloud Code of Conduct (EU Cloud CoC), developed for cloud suppliers to align with the EU’s Common Knowledge Safety Regulation (GDPR). The EU Cloud CoC is the primary GDPR code of conduct that has obtained the European Knowledge Safety Board (EDPB) optimistic opinion, which was adopted by remaining approval led by the Belgian Knowledge Safety Authority. The EU Cloud CoC additionally marks the 100th compliance providing for Azure, greater than every other cloud supplier, offering clients a excessive degree of assurance by way of controls, proof, and verification.
The EU Cloud CoC serves as a foundation for implementing the necessities of Article 28 of the GDPR for cloud suppliers performing as business-to-business processors underneath the GDPR. As a result of the EU Cloud CoC is accredited by the EDPB, Azure clients can use Azure’s adherence to assist exhibit their very own GDPR compliance, in addition to cite it as a danger mitigator in a GDPR Knowledge Safety Affect Evaluation (DPIA). Article 40 of the GDPR particularly encourages the creation of codes of conduct, in order “to contribute to the right utility of the regulation.” SCOPE Europe acts because the impartial monitoring physique of the EU Cloud CoC.
“This verification of adherence for over 140 Azure providers reveals the broadness and robustness of our monitoring scheme, which applies sturdy safeguards to make sure that declared providers are assembly all necessities set out within the Code. With the assist of key firms like Microsoft, and now with its remaining approval, the EU Cloud Code of Conduct has solidified its place as an unparalleled market normal able to guaranteeing GDPR compliance whereas fostering steady innovation and development.”—Jörn Wittmann, Managing Director, SCOPE Europe
Microsoft Azure providers are verified compliant with the EU Cloud CoC, Verification-ID: 2021LVL02SCOPE116. For additional data please go to the EU Cloud CoC Public Register.
Microsoft has lengthy demonstrated our dedication to satisfy and exceed the necessities of EU knowledge safety legal guidelines. As an illustration, we had been the primary main expertise firm to affirm our compliance with the GDPR and to increase core GDPR rights and protections to our client clients globally—not simply to these within the EU. Earlier this month, we introduced the EU Knowledge Boundary for the Microsoft Cloud, which by the tip of 2022 will transcend our current knowledge storage commitments and allow industrial or public sector clients within the EU to course of and retailer all of their knowledge within the EU.
Microsoft submitted Azure’s attestation of adherence to the EU Cloud CoC primarily based on info submitted to SCOPE Europe, counting on third-party audits from three widely-regarded certifications: ISO/IEC 27001 (Info Safety Administration System), ISO/IEC 27701 (Privateness Info Administration System), and ISO/IEC 27018 (Cloud Privateness), that are foundational to Azure safety and compliance. Clients and evaluators can confirm Azure’s adherence to those and different safety and privateness requirements, comparable to SOC 1-Three, FedRAMP, NIST 800-53 HITRUST, and PCI DSS in Azure Safety Middle. Azure mixed certifications and provide a whole lot of built-in safety controls—comparable to authentication, entry, encryption, and logging—which can be mapped to those requirements.
Now with 100 compliance choices, Azure has the business’s broadest and deepest compliance portfolio. Azure compliance choices are really world, with over 60 choices particular to over 20 areas and nations, together with Argentina, Australia, Belgium, Canada, China, Denmark, EU, France, Germany, India, Japan, Korea, the Netherlands, New Zealand, Poland, Singapore, Spain, Switzerland, the UAE, the UK, and the US. Azure can also be constructed for the precise wants of key industries and complies with over 50 compliance choices particular to the well being, authorities, finance, training, manufacturing, and media industries.
Study extra about Azure’s complete portfolio of compliance choices.