Certification and identifying certification criteria in accordance with Articles 42 and 43 of the GDPR
Guidelines 01/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the GDPR
Section 5.5 Documentation of results
65. Recital 100 provides information on the objectives pursued with the introduction of certification.
“In order to enhance transparency and compliance with this Regulation, the establishment of certification mechanisms and data protection seals and marks should be encouraged, allowing data subjects to quickly assess the level of data protection of relevant products and services.”
66. To enhance transparency the documentation and communication of results play an important role. Certification bodies using certification mechanisms, seals or marks directed towards the data subjects (in their roles as consumers or customers) should provide easily accessible, intelligible and meaningful information about the certified processing operation(s). This public information should include at least the
- description of the ToE;
- reference to the approved criteria applied to the specific ToE;
- the methodology for the evaluation of the criteria (on-site evaluation, documentation, etc.); and
- the duration of the validity of the certificate; and

should allow comparability of results for supervisory authorities and the public.