§ GDPR · Article 40

GDPR Article 40: Obligations, Deadlines & Penalties

Regulation (EU) 2016/679, Article 40 · All obligations · GDPR
At a glance
Article 40 of the GDPR imposes 3 obligations on Associations and other bodies representing categories of controllers or processors, Member States, controllers or processors not subject to this Regulation and 3 other entity type(s).
§ Obligations

All obligations under Article 40

Obligation 1
Member States, supervisory authorities, the Board, and the Commission shall encourage the drawing up of codes of conduct intended to contribute to the proper application of the Regulation. Regulation (EU) 2016/679, Article 40, Article 40
Obligated entity
Member States, supervisory authorities, the Board, the Commission
Action required
encourage
Deadline
Penalty
Obligation 2
Associations and other bodies representing categories of controllers or processors may prepare, amend, or extend codes of conduct to specify the application of the Regulation. Regulation (EU) 2016/679, Article 40, Article 40
Obligated entity
Associations and other bodies representing categories of controllers or processors
Action required
prepare
Deadline
Penalty
Obligation 3
Controllers or processors not subject to the Regulation who adhere to approved codes of conduct with general validity shall make binding and enforceable commitments to apply appropriate safeguards for data transfers. Regulation (EU) 2016/679, Article 40, Article 40
Obligated entity
controllers or processors not subject to this Regulation
Action required
commit
Deadline
Penalty
§ Frequently asked

Questions about Article 40

Who must comply with Article 40 of the GDPR? +
Associations and other bodies representing categories of controllers or processors, Member States, controllers or processors not subject to this Regulation, supervisory authorities, the Board, the Commission.
What does Article 40 of the GDPR require? +
encourage prepare commit
Need a cross-border briefing on GDPR Article 40?
Search Fontvera ↵
All EU obligation pages  ·  All GDPR articles