Guidelines 01/2019 on Codes of Conduct and Monitoring Bodies under the GDPR

SECTION 9  ENGAGEMENT

58. It is important to note that the assessment process should not serve as an opportunity to further consult on the provisions of the submitted code with the CompSA. The CompSA is tasked, under Article 40 (5), to provide an opinion on whether the draft code complies with the GDPR. As such, the communication envisaged between the CompSA and the code owners during this stage of the process will be primarily for the purposes of clarification and to assist in carrying out an evaluation under Article 40 and 41. It is anticipated that code owners will liaise, as appropriate, with supervisory authorities in advance of submitting their draft code for approval. In principle, the approval stage of the process should not invite further consultation by the code owners on particular provisions in the draft code nor should it allow for an extended assessment whereby amendments are continually submitted to the CompSA. It is also imperative that code owners are available to provide answers on points of clarification in respect of their draft code and that they are capable of doing so within a reasonable period of time. It is important that the code owners are prepared and organised to address queries in an efficient and able manner. It is recommended that a single or dedicated point of contact is provided to the CompSA. It will be at the discretion of the CompSA as to whether it needs  further information before making its decision on the draftcode and it will also have discretion to determine the manner of any communication between the parties. For the purposes of continuity, the CompSA will also remain as the principal point of contact during the entire approval process for transnational codes.