According to Article 40.1 of the EU General Data Protection Regulation (GDPR), the national supervisory authorities in the European Economic Area shall “encourage the drawing up of codes of conduct intended to contribute to the proper application” of the GDPR. A prerequisite for codes of conduct to be prepared by Swedish associations and bodies, which represent categories of personal data controllers or processors, is that the Swedish Data Protection Authority (IMY), pursuant to Art. 41 GDPR, has to establish the requirements that will apply to their accreditation bodies, the so-called supervisory bodies, which will be responsible in monitoring compliance with the code of conduct by the controllers or processors that undertake to apply it.
William Höglund is a member of Baker McKenzie’s Intellectual Property and Data & Technology Practice Group in Stockholm. William joined the Firm as an associate in 2022. Prior to joining the Firm, he worked for a Swedish boutique law firm, focusing on insurance and data privacy / protection. He also has experience working as a data protection officer in the public sector.