Article 40 of the GDPR: Codes of conduct

Article 40 of the GDPR encourages the development of codes of conduct intended to facilitate the application of the regulation in certain specific sectors or contexts. These codes make it possible to formalize good practices adapted to the realities of stakeholders.

Article 40 of the GDPR explained

Professional associations, representative bodies or actors in a given sector may develop codes of conduct aimed at:

  • Clarifying data protection obligations in a specific context;
  • Specifying the application of the principles of the GDPR (e.g. information, consent, security...);
  • Proposing concrete solutions for compliance (information formats, tools, procedures...).

These codes may be subject to validation by the supervisory authority (e.g. CNIL) and may even be recognized at European level.

Why is this article important for your GDPR compliance?

Codes of conduct constitute a repository of good practices recognized by the authorities. Joining one or drawing inspiration from it helps strengthen your compliance, particularly in sectors where regulations may seem complex or difficult to interpret.

How to comply with Article 40 of the GDPR?

  • Identify whether a code of conduct exists in your industry or for your type of business;
  • Study its content and adapt your procedures accordingly;
  • Consider joining a supporting organization or developing one with other stakeholders;
  • Take into account the recommendations from the codes validated by the CNIL or the EDPS.

Examples of application of Article 40 of the GDPR

  • A group of hospitals defines a code of conduct to govern access to health data;
  • E-commerce companies agree on best practices regarding cookies and targeted advertising;
  • An association of construction SMEs sets up a simplified guide compliant with the GDPR for its members.
