Jörn Wittmann, Managing Director SCOPE Europe, explains challenges of GDPR and how Code of Conducts, like EU Cloud CoC, may safeguard future compliance with General Data Protection Regulation (GDPR). SCOPE Europe, recently appointed for both Secretariat and Monitoring Body of the Code, considers Codes of Conduct one of the most refreshing and future-oriented changes of the GDPR, as the primary Selbstregulierung Informationswirtschaft promoted during the last years.
The GDPR wisely avoided a too high level of detail wherever appropriate and necessary due to past experience on the speed and disruptiveness of technical innovation. However, the GDPR did not leave those areas free from any regulation. The GDPR emphasised business responsibilities, though, and grants advantages for those who voluntarily regulate themselves – by making themselves subject to co-regulated Codes of Conduct or certification programmes. Certification – especially for international companies – has been a tool, especially with regards to (IT-)security related issues, for years already. Codes of Conduct now, on the one hand, do invite Small and Medium Enterprises (SME) credibly declare their compliance with GPDR and, on the other hand, create multi-layered safeguards with respect to the individual, context based risk related to the processing of personal data. The latter finally reflects the risk based approach, the GDPR strengthened.
As the EU Cloud CoC is one of the first and main projects on seriously implementing Art. 40 seq GDPR in practice, we appreciate the chance of presenting this lighthouse project to high value representatives of multiple branches and sectors.