The added value of a privacy code of conduct
Together with a dozen port companies and supported by, among others, Deltalinqs, Port of Rotterdam, Customs and the Seaport Police, Port Privacy has drawn up two sector-wide privacy codes of conduct for ISPS/AEO companies:
- for the access policy and
- for ADM checks (checks for excessive use of alcohol, drugs and medication).
A code of conduct takes into account the specific characteristics and needs of the sector. It makes the abstract privacy legislation concrete and gives companies a practical tool for implementing the GDPR properly. Moreover, adherence to an approved code of conduct is registered, and it indicates GDPR compliance to the Autoriteit Persoonsgegevens (the Dutch data protection authority).
This follows from Article 40 GDPR and is reiterated in Chapter 4 of the new European guidelines on codes of conduct:
“Codes represent an opportunity to establish a set of rules which contribute to the proper application of the GDPR in a practical, transparent and potentially cost effective manner that takes on board the nuances for a particular sector and/or their processing activities.”
“Codes can help controllers and processors to comply with the GDPR by governing areas such as fair and transparent processing, legitimate interests, security and data protection by design and default measures and controller obligations.”
“Codes can provide a degree of co-regulation and they could decrease the level of reliance that controllers and processors may sometimes place upon data protection supervisory authorities to provide more granular guidance for their specific processing activities.”
“Codes can provide a degree of autonomy and control for controllers and processors to formulate and agree best practice rules for their given sectors. They can provide an opportunity to consolidate best practice processing operations in specific fields. They can also become a vital resource that businesses can rely upon to address critical issues in their processing procedures and to achieve better data protection compliance.”
“Codes can be an effective tool to earn the trust and confidence of data subjects.”
“Approved codes have the potential to act as effective accountability tools for both processors and controllers.”
“As outlined in Recital 77 and Article 24(3) of the GDPR, adherence to an approved code of conduct is envisaged, amongst others, as an appropriate method for a data controller or processor to demonstrate compliance with regard to specific parts or principles of the Regulation or the Regulation as a whole.”
“Adherence to an approved code of conduct will also be a factor taken into consideration by supervisory authorities when evaluating specific features of data processing such as the security aspects, assessing the impact of processing under a DPIA or when imposing an administrative fine.”
“In case of a breach of one of the provisions of the Regulation, adherence to an approved code of conduct might be indicative of how comprehensive the need is to intervene with an effective, proportionate, dissuasive administrative fine or other corrective measure from the supervisory authority.”
In short, a code of conduct offers all the practical and legal tools you need to set up your policy (access, biometrics, cameras, ADM) so that it meets the requirements of the ISPS as well as those of the GDPR.
Want to join as well? Want to know more? Get in touch with us!