What you need to know about the code of conduct
A code of conduct is a sectoral compliance tool that addresses the operational needs of professionals in their efforts to comply with the GDPR.
This content is a courtesy translation of the original publication in French. In the event of any inconsistencies between the French version and this English translation, please note that the French version shall prevail.
What is a code of conduct?
A code of conduct is an accountability tool, since it allows the adherents to demonstrate their compliance by justifying the good practices implemented. It takes the GDPR’s requirements into account but may also include recommendations that go beyond these requirements. It is the result of a twofold voluntary process: the decision of the sector’s representative organisation to develop a code, and the support of the professionals concerned.
It is a practical tool that meets the needs of professionals in the sector concerned, particularly micro, small and medium-sized companies, in order to help them apply the GDPR’s provisions. A code of conduct must be written in a clear and understandable manner so that it can be applied by professionals who are not necessarily data protection experts.
A code of conduct highlights the best practices of the sector with, for example, standard information, templates of contractual clauses, recommendations for security measures, etc., in a vocabulary adapted to the sector.
A code of conduct is neither a charter, nor a simple practical guide, nor a code of ethics, although it has some common features.
A code of conduct, as provided for by the GDPR, is a legally binding tool: it is binding on those who adhere to it. It binds the adherents, on the one hand, to comply with the rules written in the code and, on the other hand, to accept that a third party monitors its proper application (with the exception of codes of conduct concerning public bodies).
Who can develop a code of conduct?
It must be established by an organisation representing a sector of activity. The development of the code of conduct is based on a sectoral approach, which must be initiated by an association, a federation or a body representing categories of data controllers or data processors.
This body, which will be the “code owner”, must be able to demonstrate that it is representative of the sector. This can be done through indicators such as the number of adherents represented, the expertise of the organisation in the sector of activity concerned, etc.
What are the benefits of a code of conduct?
The code of conduct makes it possible to:
- Build a common ground of good practices regarding data protection;
- Demonstrate compliance with the GDPR within the scope of the code of conduct;
- Harmonise the practices of the sector;
- Meet the needs of micro, small and medium-sized companies in their efforts to comply with the GDPR by providing them with a simple and operational tool;
- Send a positive signal to clients and professionals in a sector.