According to Article 40.1 of the EU General Data Protection Regulation (GDPR), the national supervisory authorities in the European Economic Area shall “encourage the drawing up of codes of conduct intended to contribute to the proper application” of the GDPR. A prerequisite for codes of conduct to be prepared by Swedish associations and bodies, which represent categories of personal data controllers or processors, is that the Swedish Data Protection Authority (IMY), pursuant to Art. 41 GDPR, has to establish the requirements that will apply to their accreditation bodies, the so-called supervisory bodies, which will be responsible in monitoring compliance with the code of conduct by the controllers or processors that undertake to apply it.
Author
Margarita Kozlov
BrowsingMargarita Kozlov joined Baker McKenzie in 2016 and is a member of the Employment & Compensation Practice Group in Stockholm. She advises on a range of employment and data protection matters. She has also practiced at Baker McKenzie's office in London.