MLex, a media organization providing market analysis and commentary on regulatory risks, published a report on the state of play of Codes of Conduct under GDPR.
The article explores the advantages of Codes of Conduct, also compared to other compliance tools under GDPR. In this context, the analysis states that Codes "have the potential to eliminate legal uncertainty stemming from the GDPR's broad obligations, as well as to align divergent interpretations of the law in different EU countries". The report also identified the EU Cloud Code of Conduct as a best practice example, stating it is a "one of the more advanced draft codes".
Challenges for industries
The current lack of consistent accreditation criteria for Monitoring Bodies is mentioned in the article as a key challenge for companies looking into the option of developing a Code of Conduct - also as a Monitoring Body can be subject to fines of up to 10 million euros. Therefore, "many industries remain reluctant to start drafting codes, preferring to wait for more clarity from regulators around the approval process and the privacy requirements they should work toward". From our point of view, this issue can be also addressed by having an established Monitoring Body for multiple Codes, as foreseen in the EDPB guidelines. Our experience in several Code initiates shows that by relying on the infrastructure and expertise of existing Monitoring Bodies, organizational and administrative burdens can be reduced. To learn more about this topic, please make sure to visit our overview and the FAQ on Monitoring Bodies.