Codes of Conduct and Monitoring Bodies under the GDPR
Guidelines 01/2019 on Codes of Conduct and Monitoring Bodies under the GDPR
APPENDIX 2 – CHOOSING A COMPSA
Code owners may have a choice regarding the identification of a CompSA for the purposes of seeking approval of their transnational draft code. The GDPR does not set out specific rules for identifying the CompSA who is most appropriate to carry out an assessment of a draft code. Nevertheless, to assist code owners in identifying the most appropriate CompSA, to evaluate their code, some of the factors which could be taken into account may include the following:
-
The location of the largest density of the processing activity or sector;
-
The location of the largest density of data subjects affected by the processing activity or sector;
-
The location of the code owner’s headquarters;
-
The location of the proposed monitoring body’s headquarters; or
-
The initiatives developed by a supervisory authority in a specific field;