Norway: Adopted Data Protection Authority Accreditation requirements for a GDPR code of conduct monitoring body

On 18 April 2024, the Norwegian Data Protection Authority adopted accreditation requirements for control bodies responsible for monitoring compliance with codes of conduct under the General Data Protection Regulation (GDPR). These requirements, designed to ensure that control bodies operate independently and possess in-depth knowledge of the relevant standards, are based on Article 41(2) GDPR and the European Data Protection Board's guidelines. The criteria cover independence, conflict of interest, competence, established procedures and structures, transparency in complaint handling, communication with the supervisory authority, evaluation mechanisms, and legal position.