The Conference of German Data Protection Officers (Datenschutzkonferenz) has released its ninth short guidance paper, on certification according to Article 42 GDPR. The conference stated that, from experience, many companies were certified but still did not fully comply with data protection law, particularly because ISO 27001 covers only a subdomain of data protection and does not take account of the rights of data subjects.
The conference outlined the advantages of GDPR certification. It announced that it is currently working intensively on the development of coordinated certification criteria in order to achieve a harmonised, cross-state implementation in line with the GDPR. The conference held that an uncontrolled growth of many different certification procedures should be avoided with a view to common European data protection.