On August 27, 2020, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, the “Dutch DPA”) announced it approved the “Data Pro Code,” a code of conduct drafted by industry association NLdigital (the “Code”). This Code is the first code of conduct approved by the Dutch DPA under the EU General Data Protection Regulation (the “GDPR”). Adhering to the Code will help organizations active in the Information and Communications Technology sector comply with their obligations under the GDPR. The Code includes, among other things, a series of practical GDPR compliance tools, such as the “Data Pro Statement” that companies may use to inform potential customers of the data protection safeguards they have in place.
The Dutch DPA must still accredit a supervisory body to monitor participating organizations’ compliance with the Code and handle any complaints of violations. The Dutch DPA has compiled a list of criteria that the supervisory body must meet – in particular in relation to independency and expertise – and has submitted it to the European Data Protection Board (the “EDPB”) for advice. The Dutch DPA expects the EDPB’s feedback by the end of this year.