interactive GDPR 2016/0679 EN
BG CS DA DE EL EN ES ET FI FR GA HR HU IT LV LT MT NL PL PT RO SK SL SV print pdf
- personal data
- processing
- restriction of processing
- profiling
- pseudonymisation
- filing system
- controller
- processor
- recipient
- third party
- consent
- personal data breach
- genetic data
- biometric data
- data concerning health
- main establishment
- representative
- enterprise
- group of undertakings
- binding corporate rules
- supervisory authority
- supervisory authority concerned
- cross-border processing
- relevant and reasoned objection
- information society service
- international organisation
- shall 21
- board 14
- code 14
- article 11
- data 11
- referred 10
- conduct 10
- which 9
- regulation 9
- the 9
- draft 8
- appropriate 8
- amendment 8
- pursuant 8
- extension 8
- controllers 7
- codes 7
- article 7
- paragraph 6
- processing 6
- personal_data 6
- subjects 6
- protection 6
- european 5
- supervisor 5
- processors 5
- safeguards 5
- commission 5
- secretariat 5
- tasks 5
- approved 5
- where 4
- paragraph 4
- opinion 4
- supervisory_authority 4
- provide 4
- such 4
- communication 4
- authorities 4
- supervisory 4
- validity 3
- implementing 3
- provided 3
- general 3
- rights 3
- between 3
- conferred 3
- submit 3
- carrying 3
- have 3
Article 40
Codes of conduct
1. The Member States, the supervisory authorities, the Board and the Commission shall encourage the drawing up of codes of conduct intended to contribute to the proper application of this Regulation, taking account of the specific features of the various processing sectors and the specific needs of micro, small and medium-sized enterprises.
2. Associations and other bodies representing categories of controllers or processors may prepare codes of conduct, or amend or extend such codes, for the purpose of specifying the application of this Regulation, such as with regard to:
| (a) | fair and transparent processing; |
| (b) | the legitimate interests pursued by controllers in specific contexts; |
| (c) | the collection of personal_data; |
| (d) | the pseudonymisation of personal_data; |
| (e) | the information provided to the public and to data subjects; |
| (f) | the exercise of the rights of data subjects; |
| (g) | the information provided to, and the protection of, children, and the manner in which the consent of the holders of parental responsibility over children is to be obtained; |
| (h) | the measures and procedures referred to in Articles 24 and 25 and the measures to ensure security of processing referred to in Article 32; |
| (i) | the notification of personal_data breaches to supervisory authorities and the communication of such personal_data breaches to data subjects; |
| (j) | the transfer of personal_data to third countries or international_organisations; or |
| (k) | out-of-court proceedings and other dispute resolution procedures for resolving disputes between controllers and data subjects with regard to processing, without prejudice to the rights of data subjects pursuant to Articles 77 and 79. |
3. In addition to adherence by controllers or processors subject to this Regulation, codes of conduct approved pursuant to paragraph 5 of this Article and having general validity pursuant to paragraph 9 of this Article may also be adhered to by controllers or processors that are not subject to this Regulation pursuant to Article 3 in order to provide appropriate safeguards within the framework of personal_data transfers to third countries or international_organisations under the terms referred to in point (e) of Article 46(2). Such controllers or processors shall make binding and enforceable commitments, via contractual or other legally binding instruments, to apply those appropriate safeguards including with regard to the rights of data subjects.
4. A code of conduct referred to in paragraph 2 of this Article shall contain mechanisms which enable the body referred to in Article 41(1) to carry out the mandatory monitoring of compliance with its provisions by the controllers or processors which undertake to apply it, without prejudice to the tasks and powers of supervisory authorities competent pursuant to Article 55 or 56.
5. Associations and other bodies referred to in paragraph 2 of this Article which intend to prepare a code of conduct or to amend or extend an existing code shall submit the draft code, amendment or extension to the supervisory_authority which is competent pursuant to Article 55. The supervisory_authority shall provide an opinion on whether the draft code, amendment or extension complies with this Regulation and shall approve that draft code, amendment or extension if it finds that it provides sufficient appropriate safeguards.
6. Where the draft code, or amendment or extension is approved in accordance with paragraph 5, and where the code of conduct concerned does not relate to processing activities in several Member States, the supervisory_authority shall register and publish the code.
7. Where a draft code of conduct relates to processing activities in several Member States, the supervisory_authority which is competent pursuant to Article 55 shall, before approving the draft code, amendment or extension, submit it in the procedure referred to in Article 63 to the Board which shall provide an opinion on whether the draft code, amendment or extension complies with this Regulation or, in the situation referred to in paragraph 3 of this Article, provides appropriate safeguards.
8. Where the opinion referred to in paragraph 7 confirms that the draft code, amendment or extension complies with this Regulation, or, in the situation referred to in paragraph 3, provides appropriate safeguards, the Board shall submit its opinion to the Commission.
9. The Commission may, by way of implementing acts, decide that the approved code of conduct, amendment or extension submitted to it pursuant to paragraph 8 of this Article have general validity within the Union. Those implementing acts shall be adopted in accordance with the examination procedure set out in Article 93(2).
10. The Commission shall ensure appropriate publicity for the approved codes which have been decided as having general validity in accordance with paragraph 9.
11. The Board shall collate all approved codes of conduct, amendments and extensions in a register and shall make them publicly available by way of appropriate means.
Article 75
Secretariat
1. The Board shall have a secretariat, which shall be provided by the European Data Protection Supervisor.
2. The secretariat shall perform its tasks exclusively under the instructions of the Chair of the Board.
3. The staff of the European Data Protection Supervisor involved in carrying out the tasks conferred on the Board by this Regulation shall be subject to separate reporting lines from the staff involved in carrying out tasks conferred on the European Data Protection Supervisor.
4. Where appropriate, the Board and the European Data Protection Supervisor shall establish and publish a Memorandum of Understanding implementing this Article, determining the terms of their cooperation, and applicable to the staff of the European Data Protection Supervisor involved in carrying out the tasks conferred on the Board by this Regulation.
5. The secretariat shall provide analytical, administrative and logistical support to the Board.
6. The secretariat shall be responsible in particular for:
| (a) | the day-to-day business of the Board; |
| (b) | communication between the members of the Board, its Chair and the Commission; |
| (c) | communication with other institutions and the public; |
| (d) | the use of electronic means for the internal and external communication; |
| (e) | the translation of relevant information; |
| (f) | the preparation and follow-up of the meetings of the Board; |
| (g) | the preparation, drafting and publication of opinions, decisions on the settlement of disputes between supervisory authorities and other texts adopted by the Board. |
whereas
dal 2004 diritto e informatica