Codes of conduct are documents prepared by associations and other bodies that demonstrate how the General Data Protection Regulation(“GDPR”) applies and can be complied with by participants in particular industries and sectors  under Article 40 of the GDPR. Businesses may voluntarily adhere to codes of conduct to demonstrate their ability to comply with the GDPR.

A Code of Conduct has been prepared in Belgium related to cloud service providers (the “EU CLOUD Code of Conduct”, available here) and a Code of Conduct has been prepared in France relating to Cloud Service Infrastructure Providers (“CISPE”; the “CISPE Code of Conduct”, available here). Both Codes of Conduct are intended to provide practical guidance for data processors in the European Union (“EU”). Draft approval decisions have been prepared by the Belgian and French data protection authorities respectively, and the Codes of Conduct have been welcomed in opinions 16 and 17 of the European Data Protection Board (“EDPB”) on 20 May 2021.  It is expected that the Belgian and French data protection authorities will now finalise their decisions to approve the codes.

Continue reading.