Code of conduct in the way that is envisaged by the GDPR can be considered as new approach in the field. Back in the mid-twentieth century, some of the first more recognisable codes applicable to other sectors mainly scientific, military and profit-making can be mentioned as the first modern attempts. One of the first documents related to the privacy and personal data protection that mentioned code of conduct is the Explanatory Report to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data from 1981. Unlike the GDPR, then these voluntary measures were not considered as “sufficient to ensure full compliance with the convention”.
Currently, code of conduct is considered as data protection approach that should be encouraged by national data protection authorities, the European Data Protection Board, the European Commission as well as all Member States, e.g. nowadays it can be considered not only as a state policy but also as a common European one (Art. 40, para. 1, GDPR). In the end of the day, codes of conduct help data controllers and processors in applying the General Data Protection Regulation effectively.