Under article 40 of the GDPR speaks about to draw up the code of conduct by the Member States, Supervisory Authorities, the Board and the Commission; so that the proper application of GDPR can be made in order to bring the accountancy of the specific features of the various processing sectors and the specific needs of micro, small and medium-sized enterprises can be brought up in a better way.
It further states that the Associations and other bodies representing categories of controllers or processors may prepare codes of conduct, or amend or extend such codes, for the purpose of specifying the application of this regulation, such as with regard to-
- Fair and transparent processing;
- The legitimate interests pursued by controllers in specific contexts;
- The collection of personal data;
- The pseudonymisation of personal data;
- The information provided to the public and to data subjects;
- The information provided to the public and to data subjects;
- The exercise of the rights of data subject;
- The information provided to,and the protection of, children, and the manner in which the consent of the holder of parental responsibility over children is to be obtained;
- The notification of personal data breaches to supervisory authorities and the communication of such personal data breaches to data subjects;
- The transfer of personal data to third countries or international organisations; or
- Out-of-court proceedings and other dispute resolution procedures for resolving disputes between controller and data subjects with regard to processing, without prejudice to the rights of data subjects as per art. 77 and 79.
Article 40 also seek to make the code of conduct in such a way to include the mechanism which enable the body referred to in article 41(1) to carry out the mandatory monitoring of compliance with its provisions by the controllers and processors which undertake to apply it without prejudice to the tasks and powers of competent supervisory authority.
This article further asks the commission to ensure appropriate publicity for the approved codes which have been decided as having general validity. The board must collate all approved codes of conduct, amendments and extensions in a register and must make them publicly available by way of appropriate means.
Picture Credit- https://www.dreamstime.com