At today's joint event by Beltug, CIOforum, EuroCIO and INTUG, "Your path to GDPR compliance" (March 24th, 2017), Jörn Wittmann was invited to present why codes of conduct are a suitable tool for safeguarding compliance in the future. As the EU Cloud CoC is one of the first and main projects seriously implementing Art. 40 et seq. of the General Data Protection Regulation (GDPR) in practice, we appreciate the chance to present this lighthouse project to high-value representatives of multiple branches and sectors.
Drawing on past experience with the speed and disruptiveness of technical innovation, the GDPR wisely avoided too high a level of detail wherever appropriate and necessary. However, the GDPR did not leave those areas free from any regulation. Instead, it emphasised business responsibilities and grants advantages to those who voluntarily regulate themselves by making themselves subject to co-regulated Codes of Conduct or certification programmes. Certification has been a tool for years already, especially for international companies and especially with regard to (IT) security-related issues. Codes of Conduct now, on the one hand, invite Small and Medium Enterprises (SMEs) to credibly declare their compliance with the GDPR and, on the other hand, create multi-layered safeguards with respect to the individual, context-based risk related to the processing of personal data. The latter ultimately reflects the risk-based approach that the GDPR strengthened.