§ GDPR · Article 41

GDPR Article 41: Obligations, Deadlines & Penalties

Regulation (EU) 2016/679, Article 41 · All obligations · GDPR
At a glance
Article 41 of the GDPR imposes 8 obligations on accredited monitoring body, competent supervisory authority.
§ Obligations

All obligations under Article 41

Obligation 1
A body accredited to monitor compliance with a code of conduct must demonstrate its independence and expertise in relation to the subject-matter of the code to the satisfaction of the competent supervisory authority. Regulation (EU) 2016/679, Article 41, Article 41
Obligated entity
accredited monitoring body
Action required
demonstrate
Deadline
Penalty
Obligation 2
An accredited monitoring body must establish procedures to assess the eligibility of controllers and processors to apply the code, monitor their compliance, and periodically review its operation. Regulation (EU) 2016/679, Article 41, Article 41
Obligated entity
accredited monitoring body
Action required
establish
Deadline
Penalty
Obligation 3
An accredited monitoring body must establish procedures and structures to handle complaints about infringements of the code and make those procedures transparent to data subjects and the public. Regulation (EU) 2016/679, Article 41, Article 41
Obligated entity
accredited monitoring body
Action required
establish
Deadline
Penalty
Obligation 4
An accredited monitoring body must demonstrate to the satisfaction of the competent supervisory authority that its tasks and duties do not result in a conflict of interests. Regulation (EU) 2016/679, Article 41, Article 41
Obligated entity
accredited monitoring body
Action required
demonstrate
Deadline
Penalty
Obligation 5
The competent supervisory authority must submit the draft criteria for accreditation of a monitoring body to the Board pursuant to the consistency mechanism referred to in Article 63. Regulation (EU) 2016/679, Article 41, Article 41
Obligated entity
competent supervisory authority
Action required
submit
Deadline
Penalty
Obligation 6
An accredited monitoring body must take appropriate action in cases of infringement of the code by a controller or processor, including suspension or exclusion, subject to appropriate safeguards. Regulation (EU) 2016/679, Article 41, Article 41
Obligated entity
accredited monitoring body
Action required
take action
Deadline
Penalty
Obligation 7
An accredited monitoring body must inform the competent supervisory authority of actions taken in cases of infringement and the reasons for taking them. Regulation (EU) 2016/679, Article 41, Article 41
Obligated entity
accredited monitoring body
Action required
inform
Deadline
Penalty
Obligation 8
The competent supervisory authority must revoke the accreditation of a monitoring body if the conditions for accreditation are not met or if actions taken by the body infringe the Regulation. Regulation (EU) 2016/679, Article 41, Article 41
Obligated entity
competent supervisory authority
Action required
revoke
Deadline
Penalty
§ Frequently asked

Questions about Article 41

Who must comply with Article 41 of the GDPR? +
accredited monitoring body, competent supervisory authority.
What does Article 41 of the GDPR require? +
demonstrate establish submit
Need a cross-border briefing on GDPR Article 41?
Search Fontvera ↵
All EU obligation pages  ·  All GDPR articles