Introduction The GDPR introduced a possibility for controllers and processors to demonstrate compliance with the GDPR through adherence to an approved code of conduct. The code should be prepared by an association or other body representing categories of controllers or processors with the purpose of specifying the application of the GDPR in a specific sector, such as with regard to fair and transparent processing, the collection of personal data, and the information provided to the public and to data subjects. In order for the code to be a legitimate tool that contributes to the proper application of the GDPR, it must be submitted to, and approved by, a competent supervisory authority. Trans