Codes of conduct and certification
Is adherence to a code of conduct mandatory?
It is not mandatory. A code of conduct is a useful accountability tool provided by the GDPR, setting out specific data protection rules for categories of controllers and processors. It is a mechanism that controllers and processors carrying out the same activity can use to demonstrate their compliance with the GDPR.
Does adherence to a code of conduct mean that there is compliance with the GDPR?
Adherence to a code of conduct does not, of itself, guarantee effective and proper compliance with the GDPR. Compliance must be adequate in substance, both with the rules of the code and with other requirements of the GDPR and of national legislation that the code might not have covered. Demonstrating compliance requires supporting documentation, specifically written reports that do not merely repeat the criteria but describe how they are met.
Does adherence to a code of conduct guarantee immunity from sanctions and liabilities under the GDPR?
A controller or processor that adheres to a code of conduct is not exempt from sanctions and liabilities under the GDPR if it is not in a position to demonstrate that data processing is carried out in compliance with the code's rules and the GDPR's requirements.
Is certification mandatory?
Certification is a voluntary tool that can be produced as a commitment to, and demonstration of, compliance with the GDPR.