Guidelines 4/2018 on the accreditation of certification bodies under Article 43 of GDPR
Section 4.2 Interaction with Regulation (EC) 765/2008
32. The EDPB notes that Article 2 (11) of Regulation (EC) No 765/2008 defines a national accreditation body as “the sole body in a Member State that performs accreditation with authority derived from the State”.
33. Article 2 (11) could be seen as inconsistent with Article 43(1) of the GDPR, which allows accreditation by a body other than the national accreditation body of the Member State. The EDPB considers that the intention of the EU legislation has been to derogate from the general principle that the accreditation be conducted exclusively by the national accreditation authority, by giving supervisory authorities the same power as regards the accreditation of certification bodies. Hence Article 43 (1) is lex specialis vis-a-vis Article 2 (11) of Regulation 765/2008.