A new regulation aimed at providing stakeholders with additional tools to self-regulate and safeguard the privacy of individuals in the European Union (EU) now requires global companies with the need to transfer data across the world to re-assess their data transfer mechanisms. The advantages of codes of conduct, such as Art. 40 GDPR and the dedicated Guidelines of the European Data Protection Board (EDPB) goes beyond the facilitation of data transfers, providing data controllers and data processors with a complete sectorial framework for General Data Protection Regulation (GDPR) compliance. The initiative to implement a Code of Conduct must be carried by associations or organizations acting as representatives of a group of stakeholders in a given ecosystem, to agree on an accountability toolbox taking into consideration the practice of such ecosystem. Once a draft has been agreed upon, the Code Owners may then submit it for approval, either before the competent national supervisory authority or to the EDPB and the European Commission.
