Code of conduct: CNIL grants first accreditation to a monitoring body

16 July 2021

The accreditation of a body in charge of monitoring the code of conduct is essential for the code to be operational. Following the approbation of the code of conduct for cloud infrastructure service providers (CISPE), the CNIL accredited EY CERTIFYPOINT B.V., which will ensure the compliance of code members, on 17 June 2021.

Codes of conduct allow professionals in a sector of activity to demonstrate their compliance with the GDPR by justifying their good practices. Adherence to a code is voluntary, but it implies a control of its correct application by third party bodies. In order to carry out this task, these bodies must be accredited by the competent supervisory authority on the basis of an accreditation requirements.

The CNIL approved the first European code of conduct for cloud infrastructure service providers (Iaas) on 3 June 2021.  This code, supported by Cloud Infrastructure Service Providers Europe (CISPE), identifies several bodies that will be responsible for ensuring its proper application by members, including EY CERTIFYPOINT B.V.

EY CERTIFYPOINT B.V. submitted an application for accreditation based on the CNIL's requirements. After a phase of investigation and discussion, the CNIL has decided to issue the accreditation for a period of 5 years from June 17 2021 and will ensure that the accredited body complies with the CNIL's requirements.

The code of conduct supported by CISPE is now operational and EY CERTIFYPOINT B.V. as a monitoring body, will be responsible for ensuring that the code members comply with its requirements.

Further applications for accreditation to the CISPE code of conduct are currently being processed.

Keywords associated to this article