Code of Conduct under Art. 40 GDPR on the Protection of Personal Data in the Software Development Process

Projects


Period: 11/2017 - 04/2018
Status: Finished
Contacts: Alexandra Tsvetkova

Under Art. 40 of Regulation (EU) 2016/679 (GDPR), the Member States, the supervisory authorities, the European Data Protection Board and the European Commission are to encourage the drawing up of codes of conduct intended to contribute to the proper application of the Regulation, taking into account the specific features of the various processing sectors and the specific needs of micro, small and medium-sized enterprises. Adherence by a controller or processor to an approved code of conduct, or to an approved certification mechanism, may be used as an element by which to demonstrate compliance with the corresponding obligations under the Regulation.

Associations and other bodies representing categories of controllers or processors are encouraged to draw up codes of conduct within the framework of Regulation 2016/679 so as to facilitate its effective application, taking into account the specific characteristics of processing in certain sectors and the specific needs of enterprises in those sectors. In particular, such codes of conduct can calibrate the obligations of controllers and processors, taking into account the risk likely to result from the processing for the rights and freedoms of natural persons.

LIBRe Foundation developed a set of personal data protection measures for the software development process, intended to facilitate the effective application of Regulation 2016/679 while taking into account the specifics of data processing in the information technology sector and the particular needs of micro and small enterprises in that sector. Since the core activities of IT enterprises are the design, development and maintenance of software systems, the Code of Conduct is organised around the software lifecycle. Its key elements are the integration of data protection measures into system architecture and into business process modelling.

Building on this work, and in close cooperation with the Bulgarian Association of Information Technologies, LIBRe Foundation developed a Code of Conduct under Art. 40 GDPR on the Protection of Personal Data in the Software Development Process. The conditions for accession to the Code, together with the management and control mechanisms for monitoring compliance with it, are implemented through a multi-level governance model. These conditions, as well as the arrangements for the Code's official recognition and its future administration, are determined and implemented by the Bulgarian Association of Information Technologies.
