Submit Declaration of Adherence: SCOPE Europe srl

Switch to Dutch version / Schakel over naar de Nederlandse versie

Background

The Data Pro Code (the “Code”) provides clear requirements in regards of transparency and contractual clauses. In regards of transparency, the Code requires Monitored Companies to clearly indicate in the Data Pro Statement if the Statement is limited to distinct products and services, and if there are any deviations. Likewise, the Code requires that the Data Pro Statement must be accompanied with adequate contractual clauses. Subsequently, rather as a due preparation of these two documents, the Monitored Company shall apply defined Principles and implement and maintain internal measures to effectively act compliant.

Monitoring Body

SCOPE Europe is an accredited GDPR Monitoring Body. As Monitoring Body, SCOPE Europe assesses whether organisations comply with the Data Pro Code of Conduct and manages the public Data Pro Register. The procedures of SCOPE Europe have been reviewed and approved by the Autoriteit Persoonsgegevens (AP), and as Monitoring Body, SCOPE Europe is legally required to maintain independence and demonstrate that there are no conflicts of interests.

SCOPE Europe is an independent organisation that operates separately from NLdigital. NLdigital remains the owner of the Data Pro Code of Conduct: for questions about the Code of Conduct or the associated data processing agreement, you can contact NLdigital (info@~@nldigital.nl). NLdigital has no influence over the assessment of organisations. As Monitoring Body, SCOPE Europe has a formal role (which includes reporting to the AP on all relevant matters on its monitoring of the Data Pro Code), and therefore, its communication is formal and standardised.

Expectation of the Monitoring Body

As the implemented measures may materially differ between different Monitored Companies and Monitored Services, there is no specific blueprint how to do so.

Most relevant information is made publicly available by the Data Pro Statement. Consequently, the required information focusses on retrieving a current copy of the two main pillars, i.e., the Data Pro Statement and the contractual clauses.

Nonetheless, Monitored Company may be subject to a randomized in-depth assessment, which will focus – as needed – on the completeness, accuracy and consistency of the Data Pro Statement and contractual clauses, as well as an assessment regarding the existence of required internal measures, including an assessment if such measures reflect the statements in the Data Pro Statement and Principles laid down in the Code.

Whenever this DoA template requires to indicate implemented measures, especially policies or procedures, please provide a short description of the procedure being in place. If such description is covered by the Data Pro Statement already, a reference to the relevant section suffices. Where documentation is required, please indicate where and how the procedure is documented. It will not suffice to only refer to any documentation without describing the principles and steps of the procedure. Nor will it suffice – where documentation is required – to only describe the procedure without referencing the documentation (e.g. file name, file version, storage). Please also keep in mind, that a documented procedure or policy is expected to indicate its version, department / personnel responsible for maintaining / signing-off the procedure / policy, and in which cases the procedure / policy is applicable.

Consequences if expectations are not met

For the avoidance of doubt: if your responses are not convincing, as they may either lack material level of detail, the reference may be imprecise or lack references to other provisions that may be applicable as well, or you provide details regarding your procedures but the reference to your documents is missing, the Monitoring Body will consider your response as incomplete / inconsistent. Especially if you are passing an initial assessment, this will, in best case, only delay the declaration of adherence process; in worst case scenarios, especially if the Monitoring Body provided you with chances to enhance your provided response by requesting follow-up responses, the Monitoring Body will consider your repeated insufficient responses as not being capable to convince the Monitoring Body of your compliance anymore; hence it will stop the declaration of adherence and consider your declared services as non-compliant with the Code – at least for the time being. This will not hinder you to start a new declaration of adherence process as soon as you have better prepared yourself and thus being able to convincingly respond to the Monitoring Bodies requests.

Start Online Form

Name	Purpose	Lifetime	Type	Provider
CookieConsent	Saves your consent to using cookies.	1 year	HTML	Website
fe_typo_user	Assigns your browser to a session on the server.	session	HTTP	Website

Name	Purpose	Lifetime	Type	Provider
_pk_id	Used to store a few details about the user such as the unique visitor ID.	3 months	HTML	Matomo
_pk_ref	Used to store the attribution information, the referrer initially used to visit the website.	2 weeks	HTML	Matomo
_pk_ses	Short lived cookie used to temporarily store data for the visit.	30 minutes	HTML	Matomo
_pk_cvar	Short lived cookie used to temporarily store data for the visit.	30 minutes	HTML	Matomo
_pk_hsr	Short lived cookie used to temporarily store data for the visit.	30 minutes	HTML	Matomo

Background

Monitoring Body

Expectation of the Monitoring Body

Consequences if expectations are not met

Contents

Our Scope

Monitoring Body

Projects

Contact

Twitter

Newsletter

Rue de la Science 37, 1040 Brussels, Belgium