Guidelines on Codes of Conduct and Monitoring Bodies

The aim of these guidelines is to provide practical guidance and interpretative assistance in relation to the application of Articles 40 and 41 of the GDPR. They are intended to help clarify the procedures and the rules involved in the submission, approval and publication of codes at both a National and European level.

They intend to set out the minimum criteria required by a Competent Supervisory Authority (“CompSA”) before accepting to carry out an in depth review and evaluation of a code. Further, they intend to set out the factors relating to the content to be taken into account when evaluating whether a particular code provides and contributes to the proper and effective application of the GDPR. Finally, they intend to set out the requirements for the effective monitoring of compliance with a code.