The discussion, moderated by Gabriela Mercuri, Managing Director, SCOPE Europe, addressed the current regulatory environment, guided by the continued alignment in core principles between the EU and the UK, with only minimal practical divergence in the area of international transfers. The UK was described as largely embracing the EU’s approach to third country data transfers, while tailoring and adding guidance where necessary. At the same time, panellists acknowledged that DPIAs and transfer risk assessments remain burdensome and complex to implement in practice — particularly for SMEs. It was highlighted that clearer pathways to safe flow and more practical tools to support compliance are essential.
Against this backdrop, there was strong consensus that compliance tools such as codes of conduct (Art. 41 GDPR) and certifications (Art. 42 GDPR) are not peripheral mechanisms, but instruments deliberately embedded in the GDPR to support implementation. Regulators welcome the development of codes of conduct as they help set standards, encourage compliance, and provide structured oversight. At the same time, industry sees codes of conduct as the “missing link” between high-level, and at times abstract, legislative provisions and the concrete steps required in daily practice — effectively turning regulation into actionable checklists. During the panel, the added value of these tools (such as the EU Cloud CoC) was reinforced by the fact that approved codes and certifications receive a formal regulatory seal of approval and operate under strict monitoring schemes, providing both accountability and a strong trust signal in the market.
In the specific context of international transfers, codes of conduct were highlighted as particularly promising tools. They can introduce greater transparency around third-country transfers, simplify compliance processes, and translate complex transfer requirements into sector-specific criteria. While not a silver bullet, such mechanisms were described as powerful instruments — potentially even “gold standards” — for fostering reliable, trustworthy cross-border data flows, supported by independent monitoring bodies operating under regulatory oversight.
Thank you to everyone who joined us for this engaging exchange. We look forward to continuing the conversation!
