Insights European Data Protection Board consults on Annex 2 to Guidelines on certification under GDPR

The EDPB is consulting on Annex 2 to its Guidelines 1/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the General Data Protection Regulation (2016/679/EU).

Annex 2 provides guidance for review and assessment of certification criteria pursuant to Article 42(5). It identifies topics that a data protection supervisory authority and the EDPB will consider and apply for the purpose of approval of certification criteria of a certification mechanism.

The questions set out in Annex 2 should be considered by certification bodies and scheme owners who wish to draft and present criteria for approval. The list is not exhaustive, but presents the minimum topics to be considered.

Comments should be supplied to the EDPB by 29 March 2019. For further information, click here.

Expertise