The EDPB has adopted Guidelines on Codes of Conduct (CoCs) as a tool for transfers.
Under the GDPR COCs can be used by Controllers and Processors as an Appropriate Safeguards for Cross-border Data Transfer. It is created by regulators or associations and other bodies representing controllers or processors for:
– GDPR application (to signal compliance)
– Facilitating international data transfers
– Creating marketing efficiencies
The main purpose of the guidelines is to clarify the application of articles 40 (3) and 46 (2) (e) of the GDPR. These provisions stipulate that once approved by a competent SA and after having been granted general validity within the EEA by the Commission, a CoC may also be adhered to and used by controllers and processors not subject to the GDPR to provide appropriate safeguards to transfers of data outside of the EU. The guidelines complement the EDPB Guidelines 1/2019 on codes of conduct which establish the general framework for the adoption of codes of conduct.