Codes of Conduct under the GDPR: Business opportunities?
Camilla Ravazzolo of the UK Market Research Society reports on the latest developments.
Since the entry into force of the GDPR, so much attention has been focused on how to avoid the extremely large fines, that very little time has been devoted to the understanding of its innovative nature. Its major aim is, of course, ensuring extensive protection of the fundamental rights and freedoms of natural persons. What really characterises the Regulation is the shift from a command-and-sanction regulatory model to a hybrid co-regulation model(1): not only is the GDPR technology neutral(2) – it prescribes obligations but does not specify the means to achieve them – but it also relies quite extensively on a ‘toolbox’ of privately adopted measures that present the undisputed advantage of being able to fit the sector in which they are implemented, and in doing so transcending the theory and enabling the practice.