Certification guidelines

The EDPB has adopted guidelines on GDPR “certification” (“Guidelines”) which aim to provide advice on the interpretation and implementation of GDPR certification (an undefined term in the GDPR). Once certified, an organisation can display a seal or mark to show that the organisation is GDPR compliant. Restricted transfers to certified organisations will therefore be allowed provided that the organisation makes commitments to apply appropriate safeguards.

The Guidelines are intended to assist member states, supervisory authorities and certification bodies in their approaches to a certification mechanism.

There are currently no approved certification schemes or accredited certification bodies for issuing GDPR certificates in the UK and the ICO does not have any current plans to accredit certification bodies or to carry out certification. In the event that the ICO focusses on certification or for organisations whose supervisory authorities are not in the UK, the Guidelines will be useful. Certification can be an easy win for organisations to demonstrate GDPR compliance and provide transparency and reassurance to other organisations and individuals about the level of data protection safeguarding measures that they have in place.

The Guidelines can be accessed here.

Register now for your free, tailored, daily legal newsfeed service.

Certification guidelines

Filed under

Laws

Popular articles from this firm

Five years of GDPR - standing the test of time? *

AI Friends or Foes? The Privacy Risks for Children with Open AI, ChatGPT and Replika *

Data transfers and enforcement: Irish Data Protection Commission issues Meta with suspension and cessation orders along with largest ever GDPR fine *

EU-US data transfers under the microscope as Meta decision expected from Data Protection Commission Shortly *

Data, Privacy & Cyber Bulletin - May 2023 *

Related practical resources PRO

Related research hubs