eu-code-of-conduct
EU Code of Conduct Adherence per Articles 40-41 GDPR
Overview
Articles 40 and 41 of the GDPR encourage the drawing up of codes of conduct intended to contribute to the proper application of the GDPR, taking account of the specific features of the various processing sectors. A code of conduct approved under Art. 40 provides a demonstrable compliance mechanism that controllers and processors can adhere to, offering evidentiary weight during supervisory authority investigations and serving as a factor in administrative fine calculations under Art. 83(2)(j).
The EDPB adopted Guidelines 1/2019 on Codes of Conduct and Monitoring Bodies under Regulation 2016/679, providing detailed guidance on the approval process, content requirements, monitoring body accreditation, and adherence mechanisms. As of 2024, the EDPB has issued opinions on several transnational codes and national supervisory authorities have approved domestic codes across sectors including cloud computing, direct marketing, clinical trials, and credit information.
Sentinel Compliance Group adheres to two approved codes of conduct: the EU Cloud Code of Conduct (SCOPE Europe) for its cloud processing activities and a national code for direct marketing activities approved by the Belgian DPA.
Legal Framework
Article 40 — Codes of Conduct
Art. 40(1): Member States, supervisory authorities, the Board, and the Commission shall encourage the drawing up of codes of conduct intended to contribute to the proper application of the GDPR.
Art. 40(2): Codes of conduct may cover a wide range of processing areas: