Code of conduct: publication of the accreditation requirements for monitoring bodies

24 July 2020

A code of conduct allow a sector of activity to support the compliance of the professionals concerned and require to be controlled by third party organizations. The CNIL publishes the requirements that enables it to approve these bodies.

Codes of conduct are part of the compliance tools provided by the General Data Protection Regulation (GDPR). They enable a business sector to support the compliance of the professionals concerned through practical and operational recommendations.

When drawing up a code of conduct, the association or federation representing professionals must organise the monitoring of the code after its approval. For this purpose, the RGPD provides the intervention of a third party organization that must be approved by the CNIL in order to fulfil this mission.

The main requirements of the repository

The accreditation requirement, which received a favourable opinion from the European Data Protection Board (EDPB), makes it possible to check that the future monitoring body provides all the necessary guarantees to fulfil its mission.

These requirements, which may be general or specific, relate in particular to:

  • the independence of the monitoring body and the absence of conflict of interest;
  • the appropriate level of expertise of the auditors;
  • specific security measures;
  • transparent handling of complaints;
  • regular monitoring procedures; and
  • procedures for the adoption of sanctions and other corrective measures.

Keywords associated to this article