Privacy Level Agreement (PLA) Code of Conduct
A Compliance Tool for Providing Cloud Services in the European Union
Abstract:
Data protection compliance is becoming increasingly risk-based. Data controllers and processors are accountable for determining and implementing in their organisations appropriate levels of protection of the personal data they process. In such decision, they have to take into account factors such as state of the art of technology; costs of implementation; and the nature, scope, context and purposes of processing; as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. As a result, Cloud Service Providers (CSPs) will be responsible for self-determining the level of protection required for the personal data they process. In this scenario, the PLA Code of Conduct gives guidance for legal compliance and the necessary transparency on the level of data protection offered by the CSP. Privacy Level Agreements (PLAs) are essentially intended to provide:
- Cloud customers of any size with a tool to evaluate the level of personal data protection offered by different CSPs (and thus to support informed decisions)
- CSPs of any size and geographic location with a guidance to comply with European Union (EU) personal data protection legislation and to disclose, in a structured way, the level of personal data protection they offer to customers.
PLA Code of Conduct is designed to meet both actual, mandatory EU legal personal data protection requirements (i.e., Directive 95/46/EC and its implementations in the EU Member States) and the forthcoming requirements of the GDPR. This specific feature makes PLA a unique tool that helps CSPs, cloud customers and potential customers manage the transition from the old to the new EU data protection regime, and contributes to the proper application of the GDPR into the cloud sector.
Guarda il video
Non hai potuto partecipare live? Guarda il video >> clicca qui
Il Ciclo di webinar
Guarda le altre date e argomenti cliccando qui
Paolo Balboni
Gruppo di Lavoro Sicurezza Informatica Assintel, Founding Partner ICT Legal Consulting