I announce that Azure has achieved compliance with the EU Cloud CoC, which is designed for cloud providers to align with the EU’s General Data Protection Regulation (GDPR). The EU Cloud CoC is the first GDPR Code of Conduct to receive a positive opinion from the European Data Protection Board (EDPB), followed by final approval by the Belgian Data Protection Authority. The EU Cloud CoC is also the 100th compliance offering for Azure. More than any other cloud provider, it offers its customers a high level of security through controls, evidence and reviews.
The EU Cloud CoC serves as the basis for the implementation of the requirements of Article 28 of the GDPR for cloud providers who act as business-to-business processors within the framework of the GDPR. Since the EU Cloud CoC has been approved by the EDPB, Azure customers can use Azure compliance as an aid to prove their own GDPR compliance, and it can be listed as a risk reducer in a GDPR data protection impact assessment (DPIA). Article 40 of the GDPR expressly advocates the creation of codes of conduct to “contribute to the correct application of the regulation”. SCOPE Europe acts as an independent monitoring body for the EU Cloud CoC.
“This compliance check for more than 140 Azure services shows the breadth and robustness of our monitoring scheme, which has strict security measures in place to ensure that declared services meet all requirements set out in the Code. With the support of key companies like Microsoft, and now with its final approval, the EU Cloud Code of Conduct has cemented its position as the unprecedented market standard that can ensure GDPR compliance while promoting continued innovation and growth.” - Jörn Wittmann, Managing Director, SCOPE Europe
Microsoft Azure services are verified according to the EU Cloud CoC, Verification ID: 2021LVL02SCOPE116. For more information, please visit the public register of the EU Cloud CoC.
Microsoft has long demonstrated its commitment to meet and exceed the requirements of EU data protection laws. For example, we were the first major technology company to confirm our GDPR compliance and agree to the extension of the central rights and protective provisions of the GDPR to our consumer customers around the world, not just those in the EU. Earlier this month we announced the EU data limit for the Microsoft cloud. This will go beyond our existing data retention obligations by the end of 2022 and allow commercial or public customers in the EU to process and store all of their data in the EU.
Microsoft submitted Azure’s Certificate of Compliance with the EU Cloud CoC based on facts presented to SCOPE Europe, drawing on third-party audits from three widely recognized certifications: ISO/IEC 27001 (Information Security Management System), ISO/IEC 27701 (Data Protection Information Management System) and ISO/IEC 27018 (Cloud Privacy), which are fundamental to Azure security and compliance. Customers and evaluators can verify that Azure complies with these and other security and privacy standards such as SOC 1-3, FedRAMP, NIST 800-53, HITRUST, and PCI DSS in Azure Security Center. Azure combines certifications and offers hundreds of built-in security controls such as authentication, access, encryption, and logging associated with these standards.
With 100 compliance offerings, Azure now has the broadest and deepest compliance portfolio in the industry. Azure compliance offerings are truly global. Over 60 offerings apply to over 20 regions and countries, including Argentina, Australia, Belgium, Canada, China, Denmark, EU, France, Germany, India, Japan, Korea, the Netherlands, New Zealand, Poland, Singapore, Spain, Switzerland, United Arab Emirates, United Kingdom and United States. Azure is also designed to meet the specific needs of key industries, serving over 50 compliance offerings for the healthcare, government, finance, education, manufacturing and media industries.
Learn more about Azure’s comprehensive portfolio of compliance offerings.