• are appropriately addressing the type of processing you are doing and the related level of risk. For example, a code may contain more demanding requirements when it relates to processing of sensitive special category personal data.

Adhering to a code of conduct could help you to:
• be more transparent and accountable;
• take into account the specific requirements of processing carried out in a sector and improve standards by following best practice in a cost-effective way;
• promote confidence in a sector by creating effective safeguards to mitigate the risk around processing activities;
• earn the trust and confidence of data subjects and promote the rights and freedoms of individuals;
• help with specific data protection areas, such as breach notification and privacy by design;
• demonstrate that you have appropriate safeguards to transfer data to countries outside the EU; and
• improve the trust and confidence in your organisation’s compliance with GDPR, and the confidence of the general public about what happens to their personal data.

What should a code of conduct address?
Codes of conduct should help you to comply with the GDPR and may cover topics such as fair and transparent processing, legitimate interests, pseudonymisation or alternative, appropriate data protection processing issues.
Codes of conduct should reflect the specific needs of controllers and processors in small and medium enterprises and help them to work together to apply GDPR requirements to specific issues that they face.
Codes should provide added value for their sector, as they will tailor the GDPR requirements to the sector or area of data processing. They could be a cost-effective means to enable compliance with GDPR for a sector and its members.

Who is responsible for codes of conduct?
Trade associations or other bodies representing controllers or processors can create a code of conduct in consultation with relevant stakeholders, including the public where feasible. They can amend or extend existing codes to comply with GDPR requirements.
Visit the ICO’s website for further information on Codes of Conduct.
GDPR one year on
12 June 2019
The Information Commissioner’s Office (ICO) has published a report, ‘GDPR one year on’, which provides an overview of the ICO’s experience in the first year of the General Data Protection Regulation (GDPR) and shares information and insights that will be further explored in its Annual Report later this year. The update describes some of the work undertaken to deliver the six goals set out in the ICO’s Information Rights Strategic Plan. This includes supporting the public to use their new rights, working with organisations to provide support and guidance, and using new enforcement and investigation powers. The report also covers how the ICO is working to stay relevant and foster innovation, and to ensure it is a well-resourced, influential regulator on the national and international stage.
Some of the key points from the report include:
SMEs
The ICO recognises it hasn’t been easy for small organisations to become GDPR compliant. Legal bases for processing, data auditing and privacy policies take time to understand, and there are no quick fixes for making sure people’s personal data is being processed legally. For sole traders this has been particularly difficult.
In addition to the services that the ICO has to help this community understand their responsibilities, it will also soon be establishing a ‘one-stop shop for SMEs’, drawing together the expertise from across ICO’s regulatory teams to help it
The Chartered Institute of Payroll Professionals
Payroll: need to know
cipp.org.uk
Page 86 of 629