Certifications and codes of conduct: the CNIL maps the deployment of GDPR compliance tools across Europe
14 January 2026
To facilitate the identification of available compliance tools, the CNIL has published two maps listing the certifications and codes of conduct approved by national supervisory authorities or by the European Data Protection Board (EDPB) since the entry into force of the GDPR.
Click on the maps to view them
Since 2019, certifications and codes of conduct have served as operational tools providing professionals with concrete reference frameworks. They facilitate compliance efforts and demonstration, help harmonise practices, and offer appropriate safeguards in terms of data protection.
These instruments may operate at either national or European level: when they have a European scope, they are designed to be applied across the entire European Union.
Certification : a mark of compliance and trust
Certification (Article 42 of the GDPR) makes it possible to demonstrate that a product, service, or data processing activity meets data protection criteria set out in an approved referential.
It serves as a voluntary means of demonstrating compliance and strengthens trust between controllers, processors, and individuals.
Certifications may apply to:
- Organisations (e.g. providers of data protection training services); or
- Individuals (e.g. certification of DPO competencies).
They provide recognition of compliance with GDPR requirements and promote the dissemination of good practices.
Code of conduct: a common sectoral framework
A code of conduct (Article 40 of the GDPR) translates the Regulation’s obligations into concrete, sector-specific rules. Developed by professional federations or associations, it aims to harmonise practices and facilitate collective compliance.
Once approved by national supervisory authorities or following an opinion from the European Data Protection Board (EDPB) for European-level codes, the code becomes binding on its members.
Compliance is controlled by accredited monitoring bodies, which ensure that the commitments undertaken are respected.
A mapping to identify available compliance instruments
The CNIL’s new maps provide an overview of the schemes approved across the Member States of the European Union.
They enable organisations to identify existing certifications and codes of conduct by sector or by country, and to more easily plan their own compliance approach.
