Certifications and Codes of Conduct


    Certification schemes and Codes of Conduct are established under the GDPR as an accountability element: they let organizations demonstrate compliance with privacy laws and facilitate data transfers and vendor management.

    Last Updated: July 30, 2019

  • Certifications

    Certification schemes exist to encourage and demonstrate compliance with data protection standards. GDPR Article 43 sets the criteria and procedure for accrediting certification bodies. Article 43(1) requires the Member States to ‘ensure’ that certification bodies are accredited by a supervisory authority.

    The Italian GDPR National Accreditation Body is ACCREDIA. It is the only national accreditation body designated by the Italian government, with the task of certifying the competence, impartiality, and independence of the laboratories and bodies that verify the conformity of products, services, and professionals to the reference standards, thereby facilitating their circulation at the international level.

    The Garante and ACCREDIA draw attention to the need to await the definition of common criteria and requirements for the compliance of data protection certifications with EU Regulation 2016/679; these are being finalized by the European Data Protection Board.


  • Codes of Conduct

    GDPR Art. 40 recommends that organizations use Codes of Conduct as a voluntary tool for proper and effective GDPR application. Codes of Conduct should be tailored to reflect the specific needs of various sectors and sizes of organizations. Trade associations or bodies representing a sector can create Codes of Conduct to help their sector comply with the GDPR in an efficient and cost-effective way. Furthermore, Codes of Conduct are a strong accountability and compliance indicator towards the regulator, the public, and business partners.

    The Italian Garante has already verified the Code of Conduct for journalists and approved it as consistent with the GDPR. The verification, delegated to the Garante by legislative decree n. 101/2018 for the adaptation of national legislation to the EU Regulation, does not substantially modify the previously existing Code of Conduct; it is limited to a formal update of the references to the new European regulatory framework.
