In the ninth of a series of posts on the General Data Protection Regulation (GDPR), which comes into force on May 25th, 2018, I’m looking at what GDPR has to say about codes of conduct.
Here’s what you need to know:
What are codes of conduct?
GDPR states that codes of conduct can be established to help firms and organisations demonstrate compliance and best practice with regard to data collection and processing. These can be set up by independent bodies and authorities, which must submit them to the European Data Protection Board for approval.
Following an approved code of conduct can be declared as a valid means of proving compliance.
Who monitors each code of conduct?
Compliance with a code of conduct is assessed and monitored by the body that set it up. For example, the FCA could establish a code of conduct for the financial services industry, which you would follow to ensure your activities are compliant.
How are codes of conduct useful?
The chief benefit of a code of conduct is that it boils down all the many different facets of GDPR into a set of principles that are common to a particular sector. This will cut down on the time and effort needed to stay compliant.
Also, by following a code of conduct you would receive a seal of accreditation, which shows existing and potential investors that you hold data protection certification. This could be a useful marketing tool.
By extension, it also makes it easier for you to outsource data handling work by choosing a certified company. This is also helpful for cross-border transfer, as companies outside the EU are allowed to sign up to GDPR codes of conduct.
• Codes of conduct can be set up by independent bodies and used by firms to demonstrate GDPR compliance
• Compliance will be monitored by the establishing body
• Codes of conduct make compliance, and the outsourcing of data handling operations, easier