According to Article 40.1 of the GDPR, the national supervisory authorities in the European Economic Area shall “encourage the drawing up of codes of conduct intended to contribute to the proper application” of the GDPR. A prerequisite for codes of conduct to be prepared by Swedish associations and bodies, which represent categories of personal data controllers or processors, is that the Swedish Data Protection Authority (IMY), pursuant to Art. 41 GDPR, establishes the requirements that…
Core to the one-stop shop mechanism, the EDPB serves as an independent umbrella organisation for the European data protection authorities (DPAs). The EDPB’s role is central to ensuring consistent application of the GDPR across the EU and also settle disputes in matters of cross-border processing where a group of DPAs are unable to agree on a cross-border decision. The EDPB issued two (2) key guidelines on May 24, 2023: These final guidelines, which aim to reinforce the…