Beyond Adequacy: Fostering Trustworthy International Data Transfers

Panel
Maritime
Wednesday 20.05 — 11:50 - 13:05

Organising Institution

EU Cloud Code of Conduct

Belgium

The EU Cloud Code of Conduct (EU Cloud CoC) is a transnational Code of Conduct under Article 40 of the GDPR, endorsed by the European Data Protection Board (EDPB). It sets out practical guidance for cloud service providers on how to implement the requirements of Article 28 GDPR. Applicable across all cloud service layers—Infrastructure (IaaS), Platform (PaaS), and Software (SaaS)—the Code establishes a standardized compliance framework. Adherence is independently monitored by SCOPE Europe, the accredited monitoring body. The Code has been adopted by a wide range of providers of all sizes, covering a significant share of the European cloud services market.

Academic 1
Business 2
Policy 3

As we reach GDPR’s 10th anniversary, international data transfers continue to impose significant challenges to both organizations and regulators. From crucial court rulings to evolving adequacy discussions, ensuring lawful, resilient, and trustworthy cross-border data flows remains a major concern for privacy professionals. To effectively navigate this fragmented and fast-changing landscape, the performance of appropriate risk assessments and implementation of effective technical and organizational measures are indispensable. This panel will examine key developments shaping international transfer compliance, also reflecting on the potential role of underutilized compliance tools such as codes of conduct and certifications. Finally, the discussion will situate these challenges within the context of the proposed GDPR simplification under the Digital Omnibus Regulation, assessing its potential implications for the future of international data transfers.

Questions to be answered

What are the key developments that have shaped the current landscape for international data transfers, and why do these challenges remain so persistent for both organizations and regulators?
How can organizations and regulators work towards ensuring international data flows that are not only lawful, but also resilient and trustworthy?
How to build a layered approach to managing international transfers to avoid reliance on a single transfer mechanism?
In light of the proposed GDPR simplification, how could the governance of international data transfers evolve?