What are ‘Codes of Conduct’ under EU Data Protection Law?
Key points:
EU Data Protection Law recommends the use of approved codes of conduct.
Codes of conduct reflect the needs of different processing sectors and micro, small and medium sized enterprises.
Trade associations or bodies representing a sector can create codes of conduct to help their sector comply with EU Data Protection Law in an efficient and cost effective way.
Committing to a code of conduct is voluntary. However, if there is an approved code of conduct that is relevant to the processing, organizations may wish to consider signing up. It can also help show compliance to the Supervisory Authority, the public and in their business to business relationships.
Trade associations or bodies representing a sector can create codes of conduct, in consultation with relevant stakeholders, including the public where feasible. They can amend or extend existing codes to comply with the requirements of European Data Protection Law.
Under Article 40 and 41 of GDPR:
Art. 40: Codes of conduct
1. The Member States, the supervisory authorities, the Board and the Commission shall encourage the drawing up…
