Pursuant to Article 40 of the GDPR, the Member States, the supervisory authorities, the European Data Protection Board and the Commission encourage the drawing up of codes of conduct intended to contribute to the proper application of the Regulation - taking account of the specific features of the various processing sectors.
These codes are to help entrepreneurs operating within one industry avoid mistakes in implementation of measures aimed at ensuring compliance with the personal data protection regulations. Each company which will apply the guidelines included in the GDPR code for a given sector will be sure that the applied solutions comply with the standards developed by industry representatives - administrators, associations and other processors, and what is most important accepted by the Personal Data Protection Office.
Currently, in Poland works on several codes have been started, but none of them has been adopted yet due to the lack of accepted requirements for the entities monitoring a given code. A draft was submitted to EDPD (European Data Protection Board) in June 2020. It is very likely that if the draft is adopted without amendments, then at the end of this year or at the beginning of the next year entities willing to keep the code of conduct will be able to apply to the Personal Data Protection Office for accreditation.
At present, approximately 30 GDPR industry codes are being worked on. The most advanced works are being carried out on the following codes:
We will keep you updated on the progress of works on the GDPR industry codes of conduct.