§ GDPR · Article 40
GDPR Article 40: Obligations, Deadlines & Penalties
At a glance
Article 40 of the GDPR imposes 3 obligations on Associations and other bodies representing categories of controllers or processors, Member States, controllers or processors not subject to this Regulation and 3 other entity type(s).
§ Obligations
All obligations under Article 40
Obligation 1
Member States, supervisory authorities, the Board, and the Commission shall encourage the drawing up of codes of conduct intended to contribute to the proper application of the Regulation.
Regulation (EU) 2016/679, Article 40, Article 40
- Obligated entity
-
Member States, supervisory authorities, the Board, the Commission
- Action required
-
encourage
- Deadline
-
—
- Penalty
-
—
Obligation 2
Associations and other bodies representing categories of controllers or processors may prepare, amend, or extend codes of conduct to specify the application of the Regulation.
Regulation (EU) 2016/679, Article 40, Article 40
- Obligated entity
-
Associations and other bodies representing categories of controllers or processors
- Action required
-
prepare
- Deadline
-
—
- Penalty
-
—
Obligation 3
Controllers or processors not subject to the Regulation who adhere to approved codes of conduct with general validity shall make binding and enforceable commitments to apply appropriate safeguards for data transfers.
Regulation (EU) 2016/679, Article 40, Article 40
- Obligated entity
-
controllers or processors not subject to this Regulation
- Action required
-
commit
- Deadline
-
—
- Penalty
-
—
§ Frequently asked
Questions about Article 40
Who must comply with Article 40 of the GDPR?
+
Associations and other bodies representing categories of controllers or processors, Member States, controllers or processors not subject to this Regulation, supervisory authorities, the Board, the Commission.
What does Article 40 of the GDPR require?
+
encourage prepare commit