Insights European Data Protection Board consults on Guidelines 1/2019 on Codes of Conduct and Monitoring Bodies under GDPR

Contact

The aim of the Guidelines is to provide practical guidance and interpretative assistance in relation to the application of Articles 40 (codes of conduct) and 41 (monitoring of codes) of the GDPR. They are intended to help clarify the procedures and the rules involved in the submission, approval and publication of codes at both a National and European level. They intend to set out the minimum criteria required by a Competent Supervisory Authority (CompSA) before carrying out an in depth review and evaluation of a code. They also set out the factors relating to the content to be taken into account when evaluating whether a particular code provides and contributes to the proper and effective application of the GDPR. Finally, they intend to set out the requirements for the effective monitoring of compliance with a code.

The Guidelines also act as a clear framework for all CompSAs, the EDPB and the Commission to evaluate codes in a consistent manner and to streamline the procedures involved in the assessment process. The idea is that the framework provide greater transparency, ensuring that code owners who intend to seek approval for a code are fully conversant with the process and understand the formal requirements and the appropriate thresholds required for approval.

Comments should be sent to the EDPB by 2 April 2019. For further information, click here.