2021_cispe_cloud_iaas_data_protection_code_of_conduct_-_gdpr_compliance_0.pdf

Here are the key points summarized in English:

Competent Authority: The independent data protection authority responsible for monitoring GDPR compliance.

Complaints Process: A process to address complaints from customers, data subjects, or other CISPs about a service's compliance with Code Requirements.

Key Definitions:

• Customer Data: Personal data processed on behalf of a customer using a cloud infrastructure service.
• Declaration of Adherence: A form confirming that a CISP's service complies with the Code Requirements.
• DPAs: Data protection authorities.
• Enforcement Matrix: A table outlining the steps to take when a CISP is not compliant with Code requirements.

Other Definitions:

• Executive Board: A group of representatives elected by the General Assembly to manage the Code.
• First Written Warning: The Monitoring Body's initial written warning for non-compliance with Code Requirements.
• GDPR Requirement: Requirements for processors under the General Data Protection Regulation (GDPR).
• General Assembly: A group of voting representatives from each CISP participating in the Code.

These definitions are relevant to the CISPE Data Protection Code of Conduct, which aims to promote GDPR compliance among cloud infrastructure service providers.