The adoption of a code of conduct is one of the voluntary tools that the GDPR offers to obliged parties to facilitate compliance with their obligations. This allows certain specific characteristics of the sector it regulates to be taken into account and is also binding upon those who participate. Thus, the adoption of codes of conduct is useful for the data controller to demonstrate that it complies with the obligations imposed by data protection regulations. In the present case, the AEPD found that the requirements for the adoption of a code of conduct had been met.
The entire content of the Legal Briefing can be found in the PDF.