EconPapers    
Economics at your fingertips  
 

Adhering to GDPR codes of conduct: A possible option for SMEs to GDPR certification

Eric Lachaud

Journal of Data Protection & Privacy, 2019, vol. 3, issue 1, 48-68

Abstract: The paper shows that adherence to a code of conduct (CoC) offers small and medium enterprises (SMEs) an interesting option to a certification obtained under Article 42 of the General Data Protection Regulation (GDPR). Adhering controllers or processors benefit from similar rights to the one attached to certification without having to demonstrate conformity with the content of the CoC. Moreover, CoCs offer a set of customised guidelines, approved by a data protection authority (DPA(s)) that are accessible for free and designed to facilitate GDPR implementation. The functional scope that might be covered by CoCs is already wider than the one offered by certification, allowing controllers and processors to demonstrate compliance with a broader range of GDPR requirements. Nevertheless, using a CoC instead of certification presents some disadvantages. CoCs have a sectoral coverage limiting availability to the covered sectors. The adherence to a CoC does not grant any seal to signal compliance to end users. The likely competition between national business representatives to draft their own CoC entails the risk of inconsistencies between one member state and another. This risk is fostered by the absence of mutual recognition between national CoCs and the absence of mechanisms to prevent duplicates at national and European levels. The option chosen by the European lawmaker to entrust the accreditation of monitoring bodies to the DPA leaves some questions open on the capacity of DPAs to handle that task. Many of them have already complained about the shortage of resources, and accreditation will require hiring additional specialised profiles. Nevertheless, adhering to a GDPR CoC, when available, offers advantages over certification that should be considered by SMEs when they seek to comply with the accountability requirement set by the GDPR.

Keywords: codes of conduct; certification; GDPR; accountability; self-regulation; co-regulation (search for similar items in EconPapers)
JEL-codes: K2 (search for similar items in EconPapers)
Date: 2019
References: Add references at CitEc
Citations:

Downloads: (external link)
https://hstalks.com/article/5178/download/ (application/pdf)
https://hstalks.com/article/5178/ (text/html)
Requires a paid subscription for full access.

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:aza:jdpp00:y:2019:v:3:i:1:p:48-68

Access Statistics for this article

More articles in Journal of Data Protection & Privacy from Henry Stewart Publications
Bibliographic data for series maintained by Henry Stewart Talks ().

 
Page updated 2025-03-19
Handle: RePEc:aza:jdpp00:y:2019:v:3:i:1:p:48-68