Codes of Conduct

Codes of conduct (CoC) offer controllers and processors the opportunity to specify the General Data Protection Regulation for certain processing contexts and to submit them to the data protection supervisory authority for approval in advance.

Recognised codes of conduct thus offer legal and practical added value, particularly in areas where a large number of processing entities are constantly faced with the same issues. Recognition by the data protection supervisory authority also has the potential to alleviate unnecessary fears, concerns and ultimately risks for small and medium-sized enterprises (SMEs) in particular when implementing modern processing procedures. This function of compliance certification is also explicitly provided for in the GDPR, as compliance with recognised codes of conduct, for example in accordance with Art. 83(2)(j) GDPR, must be taken into account as a factor in the assessment of fines.

In order to make an active contribution to harmonising the implementation of the General Data Protection Regulation, the GDD is involved in various codes of conduct.

Trusted Data processor

Trusted Data processor

The ‘Trusted Data Processor’ code of conduct developed by experts from the GDD e.V. and BvD e.V. associations create uniform guidelines for processors in accordance with Art. 28 GDPR and contributes to greater legal certainty in the relationship between controllers and their service providers (processors).

learn more

Code of Conduct on the use of GDPR compliant pseu-donymisation

Code of Conduct on the use of GDPR compliant pseu-donymisation

The code of conduct on pseudonymisation, which emerged from the German government's Digital Summit with the participation of the GDD, specifies an appropriate management process for the pseudonymisation of personal data. As a so-called ‘transnational’ code of conduct, it is intended to create Europe-wide standards for the pseudonymisation of personal data.

learn more