Guidelines 01/2019 on Codes of Conduct and Monitoring Bodies under the GDPR

Section 6.2  Facilitates the effective application of the GDPR

35. As per recital 98 of the GDPR, a code, in order to attain approval, will require code owners to be able demonstrate that their code facilitates the effective application of the GDPR. In this regard, a code will need to clearly stipulate its sector-specific application of the GDPR and identify and address such specific needs of a sector.

For example, providing a list of definitions that are specific to the sector as well as an adequate focus on topics that are particularly relevant to the sector are ways to facilitate the effective application of the GDPR. Using sector-specific terminology to detail the implementation of the requirements of the GDPR in the sector may also improve the clear understanding of the rules by the industry and thus facilitate the effective application of the GDPR. A code should fully take into account the likely risks involved with a particular sector processing activity and appropriately calibrate the related obligations of controllers or processors to whom it applies in light of those risks in that specific sector i.e. providing examples of acceptable terms and conditions in relation to the use of personal data in direct marketing. In terms of format, the content of the code should also be presented in a way that facilitates its understanding, practical use and effective application of the GDPR.