Cloudflare Achieves New EU Cloud Code of Conduct Validation Demonstrating GDPR Compliance to Strengthen Trust in Cloud Services

March 30, 2023

New global data protection and GDPR compliance validation reinforces Cloudflare’s commitment to cloud security and data protection and privacy in Europe

San Francisco, CA, and Brussels, Belgium, [March 30, 2023]Cloudflare, Inc. (NYSE: NET), the security, performance, and reliability company helping to build a better Internet, today announced it has successfully demonstrated compliance with the EU Cloud Code of Conduct, a code officially approved under the EU’s General Data Protection Regulation (GDPR), providing tailored guidance for GDPR implementation. The EU Cloud Code of Conduct covers all cloud service layers, and compliance is validated by accredited monitoring body SCOPE Europe. Cloudflare’s global network and strong commitment to upholding the very highest data protection standards will encourage the adoption of privacy-protecting cloud services across the continent by reinforcing for end users the importance of data protection.

The EU Cloud Code of Conduct brings trust and transparency to the European cloud computing market, helping organizations to source cloud services from GDPR-compliant providers hence boosting adoption of this key innovation-friendly initiative across the EU and beyond. Commenting on the milestone Cloudflare’s Chief Privacy Officer, Emily Hancock, said “The question of how personal data is handled by cloud services and how these services comply with the GDPR remains a key concern that we hear every day when we talk with CIOs and Data Protection Officers, whether in the private or public sector. This is why Cloudflare joined the EU Cloud Code of Conduct last May, and alongside our existing privacy certifications ISO 27701 and ISO 27018, demonstrates our commitment to the highest standards of data protection globally. Today we are proud to successfully complete our assessment journey by receiving the EU Cloud Code of Conduct compliance mark as it demonstrates our compliance with the GDPR and is an important milestone in our mission to help to build a better Internet.”

Cloudflare has been audited by a 3rd-party privacy specialist as meeting this important standard. The independent auditor validated over 80 controls and their public validation report will be available shortly from the Cloudflare Trust Hub for customers, partners, and other stakeholders to download and review. The report details 47 Cloudflare products across Application and Network services, Cloudflare’s developer platform Workers, Cloudflare One Zero Trust Services, Analytics, and the Cloudflare privacy and compliance portfolio including the Data Localization Suite (DLS).

To learn more about Cloudflare and its commitments to data protection and privacy in Europe, check out the resources below:

About the EU Cloud Code of Conduct

Following a positive opinion by the European Data Protection Board, the EU Cloud Code of Conduct was fully approved by the Belgian Data Protection Authority and is therefore a legally-operational Code of Conduct pursuant to Article 40 of the GDPR. Defining clear requirements for Cloud Service Providers to implement Article 28 GDPR, the Code covers all cloud service layers (IaaS, PaaS, SaaS), has its compliance overseen by an accredited monitoring body, and represents the vast majority of the European cloud industry market share.

About Cloudflare

Cloudflare, Inc. (www.cloudflare.com / @cloudflare) is on a mission to help build a better Internet. Cloudflare’s suite of products protect and accelerate any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare have all web traffic routed through its intelligent global network, which gets smarter with every request. As a result, they see significant improvement in performance and a decrease in spam and other attacks. Cloudflare was named to Entrepreneur Magazine’s Top Company Cultures 2018 list and ranked among the World’s Most Innovative Companies by Fast Company in 2019.

Forward-Looking Statements

This press release contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended, which statements involve substantial risks and uncertainties. In some cases, you can identify forward-looking statements because they contain words such as “may,” “will,” “should,” “expect,” “explore,” “plan,” “anticipate,” “could,” “intend,” “target,” “project,” “contemplate,” “believe,” “estimate,” “predict,” “potential,” or “continue,” or the negative of these words, or other similar terms or expressions that concern our expectations, strategy, plans, or intentions. However, not all forward-looking statements contain these identifying words. Forward-looking statements expressed or implied in this press release include, but are not limited to, statements regarding the benefits to Cloudflare and its customers from Cloudflare successfully demonstrating its compliance with the EU Cloud Code of Conduct, the impact of the EU Cloud Code Conduct on the European cloud computing market, the potential future adoption of privacy-protecting cloud services across Europe, the potential benefits to Cloudflare customers from using Cloudflare’s products, network, and other technology, Cloudflare’s technological development, future operations, growth, initiatives, or strategies, and comments made by our Chief Privacy Officer and others. Actual results could differ materially from those stated or implied in forward-looking statements due to a number of factors, including but not limited to, risks detailed in our filings with the Securities and Exchange Commission (SEC), including our Quarterly Report on Form 10-K filed on February 24, 2023, as well as other filings that we may make from time to time with the SEC.

The forward-looking statements made in this press release relate only to events as of the date on which the statements are made. We undertake no obligation to update any forward-looking statements made in this press release to reflect events or circumstances after the date of this press release or to reflect new information or the occurrence of unanticipated events, except as required by law. We may not actually achieve the plans, intentions, or expectations disclosed in our forward-looking statements, and you should not place undue reliance on our forward-looking statements.

© 2023 Cloudflare, Inc. All rights reserved. Cloudflare, the Cloudflare logo, and other Cloudflare marks are trademarks and/or registered trademarks of Cloudflare, Inc. in the U.S. and other jurisdictions. All other marks and names referenced herein may be trademarks of their respective owners.

Press Contact Information
Daniella Vallurupalli
+1 650-741-3104
press@cloudflare.com