Insights & news

Belgian DPA Approves First European Code of Conduct

  • 01/06/2021
  • Articles

On 20 May 2021, the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit / Autorité de protection des données – the DPA) approved the first transnational code of conduct to be adopted within the European Union since the entry into force of General Data Protection Regulation (EU) 2016/679 (the GDPR). The “EU Data Protection Code of Conduct for Cloud Service Providers” (the EU Cloud CoC) aims to establish good data protection practices for cloud service providers and wishes to contribute to a better protection of personal data processed in the cloud in Europe. One day earlier, on 19 May 2021, the European Data Protection Board issued a favourable opinion, allowing the DPA to approve the first transnational code of conduct.

In its approval decision, the DPA underlines the importance of codes of conduct as voluntary accountability tools to tailor data protection rules to the specificities of a sector. By adhering to the code, companies will ensure that data handling is in line with the GDPR. Adherence to the EU Cloud CoC is also achievable for small and medium enterprises that are active in this sector.

Please click below to read our note on the Code of Conduct.

Attachments:

Key contacts

Related practice areas

Related insights

Sign up for updates
    • 23/07/2021
    • Newsletters

    VBB on Belgian Business Law, Volume 2021, No. 6

    The June 2021 issue of our Belgian Business Law newsletter reporting on the latest developments in a range of areas, including competition, data protection, intellectual property and labour law.

    Read more
    • 02/07/2021
    • News

    EU Adequacy Decisions for EU-UK Personal Data Flows

    On 28 June 2021, the European Commission adopted two adequacy decisions for the transfer of personal data from the EU and EEA to the United Kingdom following the agreed post-Brexit transition period. The two adequacy decisions allow personal data transfers under: (i) the General Data Protection Regulation (GDPR); and (ii) the Law Enforcement Directive respectively. The decisions came days before the transitional agreement under the EU-UK Cooperation Agreement was set to expire on 30 June 2021 and ensure that personal data can be transferred freely from the EU/EEA to the UK for the next four years. Following its thorough assessment of the UK’s practice on the protection of personal data including rules on the access to data by public authorities, the Commission came to the decision that the UK’s data protection system continues to be based on the same rules that were applicable while the UK was still a Member State of the EU. The Commission’s decision means that the UK’s data protection standards are considered “adequate”, pursuant to Article 45 of the GDPR. Please click on the link below to read our note on the subject.

    Read more
    • 23/06/2021
    • News

    CJEU Clarifies When Supervisory Authorities Can Derogate from One-Stop-Shop

    In a judgment rendered on 15 June 2021, the Court of Justice of the European Union (CJEU) provides important clarifications on the functioning of the “one-stop-shop” mechanism under the GDPR and the possibility for national supervisory authorities to bring court proceedings outside this mechanism. In its judgment, the CJEU explains when national supervisory authorities which are not the lead authority can initiate such proceedings against controllers in their own territory. Please click on the link below to read our note on the subject.

    Read more

Subscribe to our updates

Please select the practice areas you are interested in: *