GDPR-40-05
Requirement
40 — Codes of conduct
Controllers not subject to GDPR must make binding commitments for code adherence
Description
Full Analysis & Evidence Requirements
Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.
Sign In to ViewRelated Obligations
GDPR-40-01
Requirement
Member States shall encourage development of codes of conduct
GDPR-40-02
Requirement
Supervisory authorities shall encourage development of codes of conduct
GDPR-40-03
Requirement
The Board shall encourage development of codes of conduct
GDPR-40-04
Requirement
Commission shall encourage development of codes of conduct
GDPR-40-06
Requirement
Processors not subject to GDPR must make binding commitments for code adherence
GDPR-40-07
Requirement
Codes of conduct must contain compliance monitoring mechanisms
GDPR-40-08
Registration
Code drafters must submit draft codes to competent supervisory authority
GDPR-40-09
Requirement
Supervisory authority shall provide opinion on draft codes
GDPR-40-10
Registration
Supervisory authority shall register and publish approved single-state codes
GDPR-40-11
Requirement
Supervisory authority shall submit multi-state draft codes to Board
Map this obligation to your AI systems
ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.
Get Started