CISPE (Cloud Infrastructure Services Providers in Europe) is a coalition of cloud computing leaders serving millions of European customers. The CISPE Code of Conduct helps customers ensure that their cloud infrastructure provider is using appropriate data protection standards to protect their data consistent with Europe’s current Data Protection Directive and the upcoming General Data Protection Regulation (GDPR). Cloud providers adhering to the Code must give customers the choice to store and process their data entirely within the European Economic Area. Providers must also commit that they will not access or use their customers' data for their own purposes, including, in particular, for the purposes of data mining, profiling or direct marketing.
The CISPE Data Protection Code of Conduct provides a data protection compliance framework that helps customers assess whether their provider’s cloud infrastructure services can be used to process personal data, and if they will be in compliance with current and future obligations. The Code facilitates the proper application of the new European rules on data protection from the GDPR. CISPE members share the GDPR’s objectives of strengthening citizens’ fundamental rights in the digital age and are therefore proactively outlining best practices ahead of the GDPR being implemented in 2018.