Skip navigation

Reflecting on 3 Years as an Accredited Monitoring Body

SCOPE EuropeNews

We recently celebrated an important milestone for SCOPE Europe—the third anniversary of our accreditation as the Monitoring Body of the EU Cloud Code of Conduct (EU Cloud CoC), an approved transnational code of conduct pursuant Art. 40 GDPR.

As we commemorate this moment, we reflect on our entire trajectory, since the very conception of our entity and respective monitoring approach until the past three years of formally assessing GDPR compliance through effective co-regulation.

The Role of a Monitoring Body

Under the GDPR, Controllers and Processors can demonstrate compliance by adhering to an approved code of conduct. Adherence to such a code must be monitored by a trusted and accredited monitoring body. In order for a monitoring body to be accredited, it must meet defined requirements as outlined under Art. 41 GDPR and the corresponding guidelines by the European Data Protection Board (EDPB): key elements are the independence of a Monitoring Body, its appropriate level of expertise and established procedures for assessing compliance and handling complaints.

As a Monitoring Body, our responsibilities include assessing compliance, providing adequate guidance, and fostering the  harmonization of robust technical and organizational measures. Our work ensures that the material requirements and general principles of the code of conduct are upheld, thereby enhancing trust and confidence in cloud services.

Our Journey and Achievements

Since receiving our first accreditation from the Belgian Data Protection Authority (DPA) in 2021, SCOPE Europe has formally acted as  the Monitoring Body of the EU Cloud CoC, the first approved transnational GDPR code of conduct tackling the entire cloud environment (XaaS). Our mission has been to contribute to the establishment of a secure and transparent  digital ecosystem by ensuring that cloud services adhere to the highest standards of data protection.

Over the past three years, we have built unique expertise in the assessment of GDPR compliance, which reiterated our commitment to foment multi-stakeholder collaboration, transparency, and accountability. Through the broad adoption of the EU Cloud CoC across the cloud industry, our work has highlighted the unique potential of voluntary legal tools in driving industry-wide improvements and setting benchmarks for data protection.

Additionally, we have since received our second accreditation, this time around from the Dutch DPA and  to monitor a national code of conduct, the Data Pro Code. This new role further expands our monitoring capacity to support data protection across different processing contexts.

We extend our heartfelt gratitude to all our stakeholders for their unwavering support and dedication. Together, we continue to advance GDPR compliance and promote a culture of excellence in data protection.