Insights European Data Protection Board holds eleventh plenary session

Contact

During the plenary, various guidelines were finalised:

  • Guidelines on Codes of Conduct: the EDPB adopted a final version of the Guidelines on Codes of Conduct. Following public consultation, points of clarification were included in the text. The aim of the guidelines is to provide practical guidance and interpretative assistance in relation to the application of Articles 40 and 41 GDPR. The guidelines are intended to help clarify the procedures and rules involved in the submission, approval and publication of codes of conduct at both national and European level. The guidelines should further act as a clear framework for all competent supervisory authorities, the EPDB and the Commission to evaluate codes of conduct in a consistent manner and to streamline the procedures involved in the assessment process;
  • Annex to the Guidelines on Accreditation: the EDPB adopted a final version of the annex to the Guidelines on Accreditation, following public consultation. The text has been reviewed to improve clarity. The aim of the guidelines is to provide assistance on how to interpret and implement the provisions of Article 43 GDPR. In particular, they aim to help Member States, supervisory authorities and national accreditation bodies establish a consistent and harmonised baseline for the accreditation of certification bodies;
  • Annex to the Guidelines on Certification: the EDPB adopted a final version of annex 2 to the Guidelines on Certification. Following public consultation, some aspects were added to certain sections, for example, whether the criteria address the obligation of the controller/processor to appoint a DPO and the obligation to keep records of processing activities. The primary aim of the guidelines is to identify overarching criteria which may be relevant to all types of certification mechanisms issued in accordance with GDPR. The annex identifies topics that data protection supervisory authorities and the EDPB will consider and apply for the approval of certification criteria for a certification mechanism. The list is not exhaustive, but sets out the minimum topics to be considered.

To read the EDPB press summary, click here.

Expertise