What is a Code of Conduct?
A code of conduct in data protection is a set of rules developed by an industry association or group of organizations that specifies how data protection regulations apply to specific processing activities within their sector.
A code of conduct in the data protection context, provided for under Articles 40-41 of the GDPR, is a set of sector-specific or processing-specific rules designed by associations or bodies representing categories of controllers or processors. These codes specify the application of the GDPR to particular processing activities and must be approved by the competent supervisory authority. Codes of conduct are intended to contribute to the proper application of the GDPR while taking into account the specific features of different processing sectors.
Codes of conduct may address fair and transparent processing, legitimate interests, collection of personal data, pseudonymization, information provided to the public and to data subjects, exercise of data subject rights, information provided to and protection of children, technical and organizational measures including data protection by design, breach notification, data transfers to third countries, and out-of-court dispute resolution procedures.
ComplyIQ helps organizations identify applicable codes of conduct within their sector and track compliance with code-specific requirements alongside their broader regulatory compliance obligations. Adherence to an approved code of conduct can serve as a factor in demonstrating compliance with the GDPR's accountability requirements.
Related Terms
Accountability Principle
The accountability principle requires organizations to demonstrate their compliance with data protection principles through proper documentation, policies, procedures, and technical measures.
Regulatory Compliance
Regulatory compliance refers to an organization's adherence to laws, regulations, guidelines, and specifications relevant to its data processing and business operations.
Data Protection Certification
Data protection certification is a formal attestation by an accredited body that an organization's data processing operations comply with specific data protection standards or regulatory requirements.
Privacy Program
A privacy program is a comprehensive organizational framework encompassing the policies, procedures, people, and technologies that manage an organization's data protection obligations and privacy risks.
Data Governance
Data governance is the overall management of data availability, usability, integrity, and security within an organization, establishing policies, procedures, and accountability for data management.