Article 40 GDPR

(3) Controllers and Processors not Subject to the Territorial Scope of the GDPR The focus on a particular sector is supposed to allow for a cost effective way to achieve data protection compliance by taking into account all the specific characteristics of processing carried out in that sector - with particular emphasis on the needs of micro, small and medium enterprises.<ref>EDPB, ‘Guidelines 1/2019 on Codes of Conduct and Monitoring Bodies under Regulation 2016/679’, 4 June 2019 (Version 2.0), margin number 11 (available [https://www.edpb.europa.eu/sites/default/files/files/file1/edpb_guidelines_201901_v2.0_codesofconduct_en.pdf here]).</ref> It should be recalled that under [[Article 24 GDPR|Article 24(3) GDPR]], adherence to approved CoC can be used as an element to demonstrate compliance with the GDPR.<ref>See Commentary on [[Article 24 GDPR]].</ref> The focus on a particular sector is supposed to allow for a cost effective way to achieve data protection com