EDPB adopts Guidelines on Codes of Conduct as a tool for transfers

The European Data Protection Board (EDPB) has adopted Guidelines on Codes of Conduct as a tool for transfers. The guidelines, issued yesterday, clarify interpretation of the GDPR Articles 40(2)(j) and Article 40(3) on data transfers outside the EU.

The guidelines complement the EDPB Guidelines 1/2019 on codes of conduct which establish the general framework for the adoption of codes of conduct, as well as the procedures and rules involved in the submission, approval and publication of codes both at national and European level.

Apart from being an effective accountability tool, codes can ensure sector-wide consistent approaches to GDPR compliance. Adherence to an approved code of conduct will also be a factor taken into consideration by supervisory authorities when evaluating specific features of data processing, such as data security, assessing the impact of processing under a Data Protection Impact Assessment, or when imposing an administrative fine.

The new guidelines will be made available soon on the EDPB website.

See the 2019 guidelines

Privacy Laws & Business Annual Conference discussed International cloud codes of conduct: Building an environment of trust on 6 July in Session 4.