EDPB adopts final Codes of Conduct guidelines

By Jaclyn Jaeger2019-06-11T14:09:00+01:00

No comments

The European Economic Area Data Protection Authorities and the European Data Protection Supervisor met for their eleventh plenary session on June 4, in which the European Data Protection Board (EDPB) adopted a final version of the guidelines on Codes of Conduct, as well as final versions of the annex to the guidelines on accreditation and certification.

The aim of the guidelines on Codes of Conduct, the EDPB said, is to provide practical guidance and interpretative assistance in relation to the application of Articles 40 and 41 of the EU’s General Data Protection Regulation. “The guidelines intend to help clarify the procedures and the rules involved in the submission, approval, and publication of Codes of Conduct at both the national and the European level,” the EDPB said.

These guidelines should further act as a clear framework for all competent supervisory authorities, the EDPB, and the Commission to evaluate Codes of Conduct in a consistent manner and to streamline the procedures involved in the assessment process, the EDPB said.

Annex to guidelines on accreditation. At the eleventh plenary session, the EDPB also adopted a final version of the annex to the guidelines on accreditation, following public consultation, to enhance clarity. “The aim of the guidelines is to provide guidance on how to interpret and implement the provisions of Article 43 GDPR,” the EDPB said. “In particular, they aim to help member states, supervisory authorities, and national accreditation bodies establish a consistent and harmonized baseline for the accreditation of certification bodies that issue certification in accordance with the GDPR.”

“The annex provides guidance on the additional requirements for the accreditation of certification bodies to be established by the supervisory authorities. These additional requirements, before being adopted by supervisory authorities, are to be submitted to the EDPB for approval pursuant to Article 64(1)(c).”

Annex to the guidelines on certification. Following public consultation, the EDPB also adopted a final version of annex 2 to the guidelines on certification, expanding on certain sections—for example, whether the criteria address the obligation of the controller/processor to appoint a data protection officer and the obligation to keep records of the processing activities. The primary aim of these guidelines is to identify overarching criteria that may be relevant to all types of certification mechanisms issued in accordance with Article 42 and Article 43 of the GDPR.

“The annex identifies topics that data protection supervisory authorities and the EDPB will consider and apply for the approval of certification criteria for a certification mechanism,” the EDPB said. “The list is not exhaustive but presents the minimum topics to be considered.”

Websites

We are not responsible for the content of external sites

European Data Protection Board - Eleventh Plenary session

Jaclyn JaegerJaclyn Jaeger is a freelance contributor to Compliance Week after working for the company for 15 years. She writes on a wide variety of topics, including ethics and compliance, risk management, legal, enforcement, technology, and more.

Topics

No comments

Article
Experts: How to move forward with the GDPR
2022-06-27T12:49:00Z
Data privacy experts speaking at an industry event believe the mechanisms in place under the General Data Protection Regulation to ensure compliance, enforcement, and redress need revisiting—and quickly.
Article
FATF adds Gibraltar to AML/CFT watchlist; Malta removed
2022-06-24T13:58:00Z
The Financial Action Task Force added Gibraltar to its list of jurisdictions working with the organization to improve the countering of money laundering, terrorist financing, and proliferation financing within their borders.
Article
European Commission assessing GDPR improvements, not overhaul
2022-06-24T13:52:00Z
Three key members of the European Commission believe the General Data Protection Regulation should be enhanced by targeting aspects of data privacy through other laws rather than revamping the GDPR itself.

No comments yet

You're not signed in.

Only registered users can comment on this article.

More GDPR

Article
Four years of GDPR: New tech testing data privacy law’s longevity?
2022-05-25T15:52:00Z
It has been four years since the European Union’s flagship data privacy legislation came into force, but concerns are already being raised about whether the General Data Protection Regulation is being outpaced by technological developments and their use of data.
Article
Dissatisfaction with GDPR pushing EU countries toward local laws
2021-12-21T15:18:00Z
So far, Europe’s wide-reaching data privacy rules have seemingly failed to curb Big Tech firms’ use and abuse of citizens’ personal data. As a result, some EU data regulators are pursuing their own investigations—often through other legislation.
Article
CWE panel: GDPR ‘the start of a culture of data protection’
2021-11-15T21:50:00Z
Belgian Data Protection Authority head David Stevens and Member of European Parliament Axel Voss discussed ways the General Data Protection Regulation could be improved for the future during a keynote at CW’s virtual Europe event.

Protect your company from cyber risks

Learn from the latest headlines and protect your company today

EDPB adopts final Codes of Conduct guidelines

Websites

European Data Protection Board - Eleventh Plenary session

Topics

Related articles

Experts: How to move forward with the GDPR

FATF adds Gibraltar to AML/CFT watchlist; Malta removed

European Commission assessing GDPR improvements, not overhaul

No comments yet

Only registered users can comment on this article.

More GDPR

Four years of GDPR: New tech testing data privacy law’s longevity?

Dissatisfaction with GDPR pushing EU countries toward local laws

CWE panel: GDPR ‘the start of a culture of data protection’