The Baden-Württemberg DPA, the LfDI, has published a Processor Code of Conduct to aid data processors with self-regulation.
The DPA of Baden-Württemberg, Germany, has published a code of conduct for processors, providing more legal certainty with regard to data processing under the GDPR. Businesses and organisations within Germany, and within the EU in general, that are responsible for data processing must abide by the rules of the GDPR when handling data. According to this report from the Baden-Württemberg DPA, the LfDI, the DPA has approved a new national code of conduct known as the “Requirements for processors under Article 28 DS-GVO – Trusted Data Processor” in order to enable these data processors to regulate their own compliance with the GDPR. Companies can now make this code of conduct their own and commit to self-regulation. Organisations that commit to the “Trusted Data Processor” code of conduct also indicate, by doing so, their commitment to following the guidelines set out by the LfDI and to being monitored.
Experts in data protection were consulted to help create this code of conduct as processes were set up to aid with compliance and handle complaints.
The processor code of conduct was developed with the help of trade organisations like the “Professional Association of Data Protection Officers Germany (BvD) eV” and the “Society for Data Protection and Data Security (GDD) eV”. The state representative has also bolstered his approach by establishing a BIDIB training centre, issuing handouts as well as orientation aids, and promoting the clear design of data protection notices. The state representative has also created a tool, DS-GVO.clever, to help small businesses and associations create data protection notices quickly and easily. Through this site, the processor code of conduct can be accessed with ease, and complaints can be filed with the accredited monitoring body.
Under the “Trusted Data Processor” code of conduct, organisations will be monitored by a monitoring body accredited by the LfDI.
A monitoring body, which is responsible for handling complaints in the area of data processing, will be a point of contact for data processors as well. By committing to the processor code of conduct, organisations are agreeing to be monitored by this body. The monitoring body is accredited by the LfDI to regularly monitor compliance with the processor code of conduct. This monitoring body will also process applications for self-commitment by organisations. Organisations will have the opportunity to comply with the “Requirements for processors under Article 28 DS-GVO – Trusted Data Processor”, and by extension the GDPR, through self-commitment.