GDPR: Guidelines 1/2018 on certification
Scope
Explore the rationale for certification as an accountability tool
Explain the key concepts of the certification provisions in Articles 42 and 43
Explain the scope of what can be certified under Articles 42 and 43 and the purpose of certification
Implementation
The GDPR allows for a number of ways for Member States and supervisory authorities to implement Articles 42 and 43
The purpose of certification
Article 42(1) provides that certification mechanisms shall be established “for the purpose of demonstrating compliance with this Regulation of processing operations by controllers and processors”
Certification does not prove compliance
Key concepts in Articles 42 and 43
Interpretation of “certification”
Certification mechanisms, seals and marks
The role of the supervisory authorities
Issue certification itself, in respect of its own certification scheme
Issue certification itself, in respect of its own certification scheme, but delegate whole or part of the assessment process to third parties
Create its own certification scheme, and entrust the certification procedure to certification bodies, which issue the certification
Encourage the market to develop certification mechanisms
What can be certified under the GDPR?
personal data (material scope of the GDPR)
technical systems: the infrastructure, such as hardware and software, used to process the personal data; and
processes and procedures related to the processing operation(s).