Codes of conduct are a means of allocating the responsibility for the details of the standards for protecting personal data within society. The law provides the general standards, rights, obligations, procedures and sanctions. Next, the general standards are worked out into specific standards by specifying codes of conduct for a particular sector.
An organisation (a trade organisation, for example) may request that the Dutch DPA test its code of conduct. In society, a great deal of confidence is placed in codes of conduct. Therefore, the Dutch DPA carefully tests the code of conduct against article 25 Wbp. Among other things, this involves the correct interpretation of the law, a careful description of the sector, the representativity of the organisation that prepares the code of conduct and the guarantees of independence in the settlement of disputes.
The Dutch DPA is usually more than willing to cooperate in establishing these sectoral codes of conduct. If the statutory provisions are stipulated more specifically for a particular sector, this results in stronger protection of personal data while also doing justice to the principle of self-regulation on which the Wbp is based.