Guidelines 01/2019 on Codes of Conduct and Monitoring Bodies under the GDPR

Section 6.1 Meets a particular need

33. Code owners are required to demonstrate a need for the establishment of a code. As such a code must address data protection issues which arise for a particular sector or processing activity.

For example, the sector of information systems for the detection of consumer credit risks may identify a need to formulate a code which provides sufficient safeguards and mechanisms to ensure that the data collected are relevant, accurate and are used exclusively for the specific and legitimate purpose of protecting credit. Similarly, the health research sector may identify a need to formulate a code which provides consistency in approach by setting out standards to adequately meet explicit consent and accompanying accountability requirements under the GDPR.

34. Code owners should be able to explain and set out the problems the code seeks to address and substantiate how the solutions the code offers will be effective and beneficial not only for their members but also for data subjects.