1. Home
  2. Organisations
  3. Codes of conduct
  4. Submit an application for approval of a draft code of conduct to the DPA
  5. Submit an application for approval of a draft code of conduct to the DPA

Submit an application for approval of a draft code of conduct to the DPA

An association or body representing categories of controllers or processors and drawing up the code of conduct (“code owner”[1]) may submit an application for approval of a draft code of conduct to the Hellenic DPA, pursuant to Article 40(5) GDPR. The application is submitted electronically by filling in the relevant electronic form after logging in to the DPA’s online portal using the taxisnet credentials or −exceptionally− by email (if it is not possible to log in for any justified reason).

The code owner with an establishment in Greece who has taxisnet credentials can log in to the DPA’s online portal by using those credentials. Relevant information on logging in and submitting an application for approval of a draft code of conduct in Greek is available here.

In case the code owner  does not have an establishment in Greece (and therefore cannot log in to the DPA’s online portal using the taxisnet credentials) and has identified the DPA as the competent supervisory authority for a transnational code of conduct,[2] may submit an application for approval of the draft transnational code in English by e-mail.

In this case, follow the steps outlined below:

  1. Fill in all required fields in the following controller/processor/body application form.

Controller/processor/body application form (docx / pdf).

 

  1. Fill in the category of application in the above form by selecting “Approval of a draft code of conduct (Article 40(5)”.
  2. Send an e-mail to contact@dpa.gr with subject “Submit an application to the DPA for approval of a draft code of conduct” and attach the following:
    • The above form filled in.
    • One or more files (preferably in word format) that constitute the draft code of conduct submitted for approval.
    • One or more files (preferably in word format) that describe and explain clearly how each of the criteria set out in the checklist mentioned below are met. (The checklist is foreseen in Guidelines 1/2019 of the European Data Protection Board (EDPB)). In addition, a correlation table between the chapters/sections/paragraphs of the documents (files) submitted and the concerned checklist criteria.
    • An outline of the reasons that have led you to submit the application for approval of a draft code of conduct in this way and not via the DPA’s online portal.
Checklist before submitting the draft code of conduct

 

Before submitting a draft code of conduct to the DPA, it is important that you ensure the following (where relevant) have been submitted/set out and are appropriately signposted within the documentation (see Appendix 3 of EDPB Guidelines 1/2019). It should be noted that in case the draft code of conduct does not meet the criteria listed below, the DPA may reject the application as non-admissible.

 
  1. Have you provided an explanatory statement and all relevant supporting documentation? (Paragraph 20)
  2. Are you an association or other body representing categories of controllers or processors? (Paragraph 21)
  3. Have you provided details in your submission to substantiate that you are an effective representative body that is capable of understanding the needs of your members? (Paragraph 22)
  4. Have you clearly defined the processing activity or sector and the processing problems to which the code is intended to address? (Paragraph 23)
  5. Have you identified the territorial scope of your code and included a list of all concerned supervisory authorities (where relevant)? (Paragraph 24)
  6. Have you provided details to justify the identification of the competent supervisory authority? (Paragraph 25)
  7. Have you included mechanisms that allow for the effective monitoring of compliance of the code? (Paragraph 26)
  8. Have you identified a monitoring body and explained how it will fulfil the code monitoring requirements? (Paragraph 27)
  9. Have you included information as to the extent of consultation carried out in developing the code? (Paragraph 28)
  10. Have you provided confirmation that the draft code is compliant with Member State law(s) (where relevant)? (Paragraph 29)
  11. Have you met the language requirements? (Paragraph 30)
  12. Does your submission include sufficient details to demonstrate the proper application of the GDPR? (Paragraphs 32–41)

 

[1] ‘Code Owner’ refers to associations or other bodies who draw up and submit  their code and they will have an appropriate legal status as required by the code and in line with national law (see Guidelines 1/2019 of the European Data Protection Board).

[2] ‘Transnational code’ refers to a code which covers processing activities in more than one Member State. Therefore, a transnational code may relate to processing activities carried out by a multiplicity of controllers or processors in several Member States without necessarily amounting to ‘cross-border processing’ as defined in Article 4(23) of the GDPR (see EDPB Guidelines 1/2019).

We use the cookies that are necessary to maintain your connection to the online services of the HDPA’s Portal and to store your preferences in relation to optional cookies (“Necessary”).
Only with your consent we will use any of the following optional cookies you select (“Analytics”, “LinkedIn”, “Twitter”). You can see information on each cookie category by passing the cursor over each option.