Introduction The GDPR introduced a possibility for controllers and processors to demonstrate compliance with the GDPR through adherence to an approved code of conduct. The code should be prepared by an association or other body representing categories of controllers or processors with the purpose of specifying the application of the GDPR in a specific sector, such as with regard to fair and transparent processing, the collection of personal data, and the information provided to the public and to data subjects. In order for the code to be a legitimate tool that contributes to the proper application of the GDPR, it must be submitted to, and approved by, a competent supervisory authority. Trans
Insight
EU: First transnational codes approved under the GDPR
July 6, 2021
Summary
The first transnational codes of conduct under the GDPR, focusing on cloud computing, have been approved, namely the EU Cloud Code and the CISPE Code. These codes allow cloud service providers to demonstrate compliance with GDPR principles, particularly Article 28, but do not cover international data transfers. The codes provide guidance on security measures, auditing requirements, and data subject rights, and include mechanisms for monitoring compliance. The EDPB has endorsed these codes, noting their added value in facilitating GDPR application and ensuring efficient enforcement measures.