Guidelines 4/2018 on the accreditation of certification bodies under Article 43 of GDPR
Section 7.7 Certification documentation
In addition to item 7.7.1.e of ISO/IEC 17065/2012 and in accordance with Article 42(7) GDPR, it should be required that the period of validity of certifications shall not exceed three years.
In addition to item 7.7.1.e of ISO/IEC 17065/2012, it should be required that the period of the intended monitoring within the meaning of section 7.9 will also be documented.
In addition to item 7.7.1.f of ISO/IEC 17065/2012, the certification body should be required to name the object of certification in the certification documentation (stating the version status or similar characteristics, if applicable).