Codes of conduct according to data protection legislation
How is supervision carried out?
The supervision of compliance with the code of conduct shall be carried out by a person who has appropriate expertise in the subject of the code and who has been accredited for that purpose by the competent supervisory authority. The supervision of the agreed code of conduct and the accreditation for the purpose of monitoring compliance are further discussed in Article 41 of the Data Protection Regulation (GDPR).
Once the codes of conduct have been adopted, the Data Protection Authority’s register of adopted codes of conduct and, if applicable, the European Data Protection Supervisory Authority’s register will show which companies are involved in them or have implemented them. Both registers will be made public.
When an organisation has implemented a code of conduct in its operations, it needs to be able to demonstrate to the supervisor of the code that the requirements of the code are fulfilled. These requirements reflect the activities in question.
Regular monitoring is carried out to ensure that the code of conduct is followed in the operations. The purpose of this is to ensure that the code, and the companies’ participation in it, can be trusted. If the company no longer meets the requirements set out in the code, its participation in the code can be withdrawn. The supervisor of the code sends a notice to the Data Protection Authority.
Further details on the code of conduct are given in Articles 40 and 41 of Regulation (EU) 2016/679.