Certifications and Codes of Conduct

    Greece

    Certifications and Codes of Conduct

    Certification schemes and Codes of conduct are established under the GDPR as an accountability element to demonstrate the organizations’ compliance with privacy laws and to facilitate data transfers or vendor management.

    Last Updated: July 30, 2019


  • Certification

    Certification schemes exist to encourage and demonstrate compliance with data protection standards. GDPR Article 43 sets the criteria and procedure for accrediting certification bodies. Article 43(1) requires the Member States to ‘ensure’ that certification bodies are accredited by a supervisory authority.

    The Greek Data Protection Regulator, the Hellenic Data Protection Authority (HDPA), states in its online guidance that accreditation of the certification bodies is to be carried out by the National Accreditation System (ESYD). The maximum period of certification is to be 3 years whereas the accreditation is to be granted for a maximum of 5 years. The specific accreditation requirements are not listed on the HDPA website.

    Related Resources

    Greece Certification Resources

  • Codes of Conduct

    The GDPR Art. 40 recommends for organizations to use Codes of Conduct as a voluntary tool for proper and effective GDPR application. Codes of conduct should be tailored to reflect specific needs of various sectors and sizes of organizations. Trade associations or bodies representing a sector can create codes of conduct to help their sector comply with the GDPR in an efficient and cost-effective way. Furthermore, Codes of Conduct are strong accountability and compliance indicator towards the regulator, public, and business partners.

    The Greek HDPA provides online general guidance and information on Codes of Conduct, it encourages organizations to prepare GDPR codes of conduct and it seems that the codes of conduct can also be already submitted to the HDPA for review.

    Related Resources

    Greece Codes of Conduct Resources

Want to learn more? Login to the full DataGuidance platform.

About OneTrust


OneTrust is the #1 most widely used privacy, security and third-party risk technology platform trusted by more than 3,000 companies to comply with the CCPA, GDPR, ISO27001 and hundreds of the world’s privacy and security laws. OneTrust's three primary offerings include OneTrust Privacy Management Software, OneTrust PreferenceChoice™ consent and preference management software, and OneTrust Vendorpedia™ third-party risk management software and vendor risk exchange. To learn more, visit OneTrust.com or connect on LinkedIn, Twitter and Facebook.