Guidelines 01/2019 on Codes of Conduct and Monitoring Bodies under the GDPR
SECTION 15 PUBLIC SECTOR CODES
88. Article 41(6) of the GDPR provides that the monitoring of approved codes of conduct will not apply to processing carried out by public authorities or bodies. In essence, this provision removes the requirement for an accredited body to monitor a code. This exemption does not in any way dilute the requirement for the implementation of effective mechanisms to monitor a code. This could be achieved by adapting existing audit requirements to include monitoring of the code.