Promotion of codes of conduct

Codes of conduct are voluntary compliance mechanisms in which specific rules are established for categories of data controllers or processors in order to contribute to the proper application of the GDPR and the LOPDGDD.

Therefore, codes of conduct are documents that include the principles and guidelines to facilitate the correct application of the regulations in a certain sector or area in accordance with its specificities. They must be submitted to the competent control authority for approval, registration and publication.

Entities that may promote codes of conduct:

• Associations and other bodies representing categories of data controllers and data processors.
• Companies and groups of companies.
• The bodies, institutions and entities referred to in Article 77.1 of the LOPDGDD: constitutional bodies, public administrations, independent administrative authorities, public universities, public sector foundations, consortia.
• Organisations that assume supervisory functions and out-of-court conflict resolution.

Adhering to and complying with a code of conduct is voluntary, and can be taken into account when demonstrating that the data controller and data processor fulfil their obligations, especially when making the data protection impact assessment.

The Catalan Data Protection Authority is the competent authority to approve and register the codes of conduct promoted by entities that are part of its scope of action. So far, the approved codes of conduct are: