Guidelines 01/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the GDPR
SECTION 4 THE APPROVAL OF CERTIFICATION CRITERIA
30. The certification criteria form an integral part of any certification mechanism. Consequently, the GDPR requires the approval of certification criteria of a certification mechanism by the competent supervisory authority (Articles 42(5) and 43(2)(b)). Or in the case of a European Data Protection Seal, certification criteria is approved by the EDPB (Articles 42(5) and 70(1)(o)). Both routes for approval of certification criteria are explained below.
31. The EDPB recognizes the following purposes for approval of certification criteria:
to properly reflect the requirements and principles concerning the protectionof natural persons with regard to the processing of personal data laid down in Regulation (EU) 2016/679; and
to contribute to the consistent application of the GDPR.