Skip to Content
Skip to Footer

Public Policy

Salesforce Adopts European Union’s New Cloud Code of Conduct

This May marks the third anniversary of the European Union’s (EU) General Data Protection Regulation (GDPR). The three years since GDPR became law have made it incredibly clear that trust is key to ensuring technology’s success and growth. 

Today, I am excited to share another important milestone on this privacy journey — the European Data Protection Board approved the EU Data Protection Code of Conduct for Cloud Service Providers (commonly known as the EU Cloud Code of Conduct). By certifying to the first-of-its-kind code, cloud service providers can demonstrate their commitment to compliance with the GDPR. 

Salesforce is committed to compliance with global data protection laws and standards. To demonstrate our commitment, we maintain a comprehensive set of compliance certifications and attestations. As a founding member of the Code’s General Assembly, we are pleased to now have a means to demonstrate our ability to comply with GDPR by declaring adherence to the code for our core services. SCOPE Europe, the EU Code of Conduct’s independent monitoring body, will now evaluate Salesforce’s declaration of adherence. We encourage all cloud providers and partners to join us, and help build an industry committed to ensuring data protection for all.

Why we need a EU Code of Conduct

The EU Code of Conduct is a comprehensive and authoritative compliance framework capable of addressing the specific regulatory needs of the cloud industry. Ultimately, it will help enable the broader adoption of cloud services across the continent, and further protect the rights of millions of Europeans. 

The code also creates a guide for organizations to build trust with individuals, showing a commitment to responsible use of data. 

Former European Commission Vice-President Neelie Kroes, a Salesforce board member, led the creation of the Code through meaningful exchanges with the European Commission, data protection authorities, and the wider cloud community. Addressing the EU Cloud Compliance Summit on May 20, Kroes reinforced the need for trust in today’s digital landscape. 

“We have all seen how important digital technologies, and cloud computing in particular, have been during the COVID pandemic — for work-from-home, remote learning, and vaccine management,” she said. “But people and businesses will not use what they can’t trust… I would like to encourage more cloud service providers to get familiar with the Code and consider joining. This way we can create a wide trust ecosystem.”

People and businesses will not use what they can’t trust.

Neelie Kroes, Former European Commission Vice-President, Salesforce board member

Working with European stakeholders for trusted digital infrastructure

At Salesforce, our top priority is the security and privacy of customer data. In addition to our commitment to key third party certifications such as C5 in Germany and ASIP Santé in France in 2015, we were the first enterprise software company to achieve approval from European data protection authorities for our Binding Corporate Rules (BCRs) for Processors to facilitate international transfers of European Union (EU) personal data. Our BCRs were amended in 2018 to meet our new commitments with the GDPR.

In November 2020, we also became an early member of GAIA-X, an initiative jointly launched by the French and the German governments to create a cloud-based data ecosystem that promotes both innovation and the highest standards of data protection and security.

With these efforts and the new EU Code of Conduct, we will continue to work with industry and political stakeholders for trusted digital infrastructure.

For more information on Salesforce and privacy, visit salesforce.com/privacy.