Codes of conduct

Formal accountability mechanisms matter when privacy work needs more than policy.

Codes of conduct can help organisations think more clearly about accountability, sector expectations and evidence where formal governance mechanisms are relevant.

The practical question is how that accountability is carried in the DPO operating model.

Codes of conduct and accountability standards review
Codes of conduct: Practical privacy work connected to the right operating-model conversation.
Senior judgement: Support is framed around accountable decisions, not generic advice.
Controlled method: Work, evidence, escalation and review are held together.
Clear next step: The first conversation is shaped around the organisation's risk, operating model and support needs.

Where standards help

Use formal standards to strengthen the operating model.

01

Standards

Understand where sector expectations or formal accountability mechanisms may shape the work.

02

Evidence

Connect standards language to records, ownership, escalation and review.

03

Operating model

Bring the discussion back to the DPO function the organisation can actually rely on.

Frequently asked questions

Questions codes of conduct often raise.

These questions keep formal standards connected to accountability, evidence and practical operating-model use.

When does a GDPR code of conduct help?

A code of conduct can help where an organisation, sector or group needs a formal way to describe expected privacy practice, accountability, evidence and review. It does not replace core GDPR obligations, but it can support clearer standards and assurance where appropriately designed.

Can you help with international data transfer risks in due diligence?

Yes. Transfer review may include data flows, group access, vendors, sub-processors, support locations, safeguards, SCCs, TIAs, onward transfers and unresolved evidence gaps. Transfer work should connect contract position to operational reality.

How do vendor and processor risks connect to DPIAs?

Vendor and processor facts often affect the risk assessment: roles, data categories, access, retention, security, sub-processing, transfers, AI features, telemetry and model updates. DPIA work should not sit separately from vendor evidence where the vendor is part of the processing.

Next step

Connect formal accountability to the operating model.

If codes of conduct, sector expectations or formal accountability mechanisms are becoming relevant, the useful next step is to place them inside the wider DPO operating model, evidence position and governance route.