Codes of conduct and monitoring bodies go hand in hand. Moreover, it is essential that the oversight of codes of conduct are conducted by an accredited monitoring body. In this context, it is crucial to highlight that the accreditation of a monitoring body is a significant milestone that must not be overlooked and is simply indispensable for the operationalization of a GDPR code of conduct. The accreditation process ensures that the organization meets all the requirements set out by GDPR and accompanying guidelines, such as possessing the necessary expertise and autonomy to effectively carry out their responsibilities.
Each code of conduct is unique in its design and function. It is only fitting that a monitoring body is required to get accredited by the supervisory authority for each code of conduct separately. For instance, SCOPE Europe underwent two distinct accreditations for the EU Cloud CoC and Data Pro Code. Subsequently, the monitoring body is required to establish a tailored monitoring framework that aligns with the specific requirements of each Code. By doing so, the monitoring body demonstrates its proficiency and competence in making informed decisions related to code compliance.
An accredited monitoring body must maintain, above other elements, an independence across three key dimensions:
• Legal independence, ensuring there are no external influences from corporate affiliations or contractual obligations.
• Financial independence, which entails a transparent and distinct funding mechanism.
• Personal independence, demonstrated through robust measures to avoid any conflicts of interest.
Monitoring bodies are also required to have a complaints procedure in place ensuring total transparency. This means that anyone can put forward a claim if they presume that an adherent company has breached one or more Code controls. We also cannot that an effective monitoring service cannot fulfill its duties without having in place regular audits, reporting requirements, as well as concrete sanctions and remedies in cases of violation of the code.
After receiving accreditation, the monitoring body is tasked with conducting the assessment that will ascertain the service's compliance status. The monitoring framework is contingent upon the extent of each Code's specific scope. For example, the monitoring of the EU Cloud CoC is quite rigorous, with 20% in-depth checks and yearly renewal requirement.
In conclusion, monitoring body is the glue that holds the code of conduct in-tact. It undergoes a thorough accreditation process to ensure that services aligned with the particular Code are evaluated with skill and proficiency. Learn more about SCOPE Europe as an accredited monitoring body: scope-europe.eu/en/monitoring-body