Gathering years of expertise in the field of self- and coregulation, the drafting and the monitoring of GDPR codes of conduct, SRIW’s and SCOPE Europe’s main recommendation focuses on streamlining the approval and operationalisation of codes of conducts under GDPR.
The streamlining can be achieved "by reviewing the procedural requirements in receiving a Code of Conduct’s approval and a Monitoring Body’s accreditation.
- Generally, the legal framework and EDPB’s guidelines are considered suitable, if applied consistently. Specifically for transnational Codes of Conduct, it is recommended to ensure harmonized interpretation, because projects suffer delays, e.g., by means of consistently and mutually determining the competent data protection supervisory authorities.
- Approval and accreditation periods as indicated by GDPR are not yet met in practice. Therefore, it is recommended to adapt such periods to more realistic timelines and to clarify that in case data protection supervisory authorities cannot by majority determine undisputable conflicts with GDPR, Codes of Conduct shall be deemed in accordance with GDPR.
In regards of Codes of Conduct tackling third country transfers, a general validity by implementing act by the EU Commission is required. It is strongly recommended to ensure that procedural efforts will be streamlined preventing any unreasonable delays in operationalizing such projects."
