Guidelines 01/2019 on Codes of Conduct and Monitoring Bodies under the GDPR

APPENDIX 3  –  CHECKLIST FOR SUBMISSION

Before submitting a draft code to the competent supervisory authority it is important that you ensure the following (where relevant) have been submitted/set outand are appropriately signposted within the documentation:

• 1. Have you provided an explanatory statement and all relevant supporting documentation? (Paragraph 20)

• 2. Are you an association or other body representing categories of controllers or processors? (Paragraph 21)

• 3. Have you provided details in your submission to substantiate that you are an effective representative body that is capable of understanding the needs of your members? (Paragraph22)

• 4. Have you clearly defined the processing activity or sector and the processing problems to which the code is intended to address? (Paragraph 23)

• 5. Have you identified the territorial scope of your code and included a list of all concerned SAs (where relevant)? (Paragraph 24)

• 6. Have you provided details to justify the identification of the CompSA? (Paragraph 25)

• 7. Have you included mechanisms that allow for the effective monitoring of compliance of the code? (Paragraph 26)

• 8. Have you identified a monitoring body and explained how it will fulfil the code monitoring requirements? (Paragraph 27)

• 9. Have you included information as to the extent of consultation carried out in developing the code? (Paragraph 28)

• 10. Have you provided confirmation that the draft code is compliant with Member State law(s) (where relevant)? (Paragraph 29)

• 11. Have you met the language requirements? (Paragraph 30)

Does your submission include sufficient details to demonstrate the proper application of the GDPR? (Paragraphs 32–41)