Code of Conduct

A set of binding rules that an industry association, sector organization, or group of controllers/processors adopts to specify how privacy requirements apply in their particular context. GDPR encourages development of codes of conduct to promote proper application of the regulation, taking account of specific sector characteristics. Codes of conduct help translate general privacy principles into practical guidance for specific industries—like advertising, healthcare, or mobile apps. To be approved under GDPR, codes must be submitted to relevant supervisory authorities and meet specific requirements. Approved codes can serve as demonstration of compliance, provide legal certainty, and in some cases enable international transfers. Organizations adhering to codes must have mechanisms to monitor compliance, handle complaints, and impose sanctions for violations. Codes of conduct complement regulations by providing sector-specific detail while maintaining consistency with overarching legal requirements.