These guidelines, which complement the EDPB Guidelines 1/2019 on Codes of Conduct and Monitoring Bodies under Regulation 2016/679, provide clarification as to the role of the different actors involved for the setting of a code to be used as a tool for transfers and the adoption process with flow charts.
It should also be noted that a code intended for transfers adhered to by a data importer in a third country can be relied on by controllers/processors subject to the GDPR (i.e. data exporters) for complying with their obligations in case of transfers to third countries in accordance with the GDPR without the need for such controllers/processors to adhere to such code themselves.