Accreditation of certification bodies under Article 43 GDPR
Guidelines 4/2018 on the accreditation of certification bodies under Article 43 of GDPR
Section 7.2 Application
In addition to item 7.2 of ISO/IEC 17065/2012, it should be required that:
1. the object of certification (Target of Evaluation, ToE) must be described in detail in the application. This also includes interfaces and transfers to other systems and organizations, protocols and other assurances;
2. the application shall specify whether processors are used, and when processors are the applicant, their responsibilities and tasks shall be described, and the application shall contain the relevant controller/processor contract(s).