• Courses
      • Executive Management Courses
      • Global Series of National Privacy Laws
      • Netherlands Privacy Academy (in Dutch)
      • Caribbean Data Protection Academy
    • Resources
    • Join GADPPRO ACADEMY
      • Join GADPPRO Academy as an Official Partner
      • Become an Official GADPPRO Training Entity
      • Join the GADPPRO Business Academy
      • Secretariat & International Training Centre
      • Contact Us
    •  
      • RegisterLog in
    Privacad GADPPRO Academy
      • Courses
        • Executive Management Courses
        • Global Series of National Privacy Laws
        • Netherlands Privacy Academy (in Dutch)
        • Caribbean Data Protection Academy
      • Resources
      • Join GADPPRO ACADEMY
        • Join GADPPRO Academy as an Official Partner
        • Become an Official GADPPRO Training Entity
        • Join the GADPPRO Business Academy
        • Secretariat & International Training Centre
        • Contact Us
      •  
        • RegisterLog in

      Blog

      Certification and identifying certification criteria in accordance with Articles 42 and 43 of the GDPR

      • Categories Blog, Business, Design / Branding, Free Data Protection Resources, Uncategorized
      • Date November 6, 2020

      Guidelines 01/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the GDPR

      SECTION 6  GUIDANCE FOR DEFINING CERTIFICATION CRITERIA

      67. Certification criteria are an integral part of a certification mechanism. The certification procedure includes the requirements of how, by whom, to what extent and the granularity of the assessment which shall take place in individual certification projects concerning a specific object or target of evaluation (ToE). The certification criteria provide the nominal requirements against which the actual processing operation defined in the ToE is assessed. These guidelines for defining certification criteria provide generic advice that will facilitate the assessment of certification criteria for the purpose of approval.

      • The following general considerations should be taken into account when approving or defining certification criteria. Certification criteria should:

      • be uniform and verifiable,

      • auditable in order to facilitate the evaluation of processing operations under the GDPR, by specifying in particular, the objectives and the implementing guidance for achieving those objectives;

      • be relevant with respect to the targeted audience (e.g. B2B and business to customer (B2C);

      • take into account and where appropriate be inter-operable with other standards (such as ISO standards, national level standards); and

      • be flexible and scalable for application to different types and sizes of organisations including micro, small and medium sized enterprises in accordance with Article 42(1) and the risk-based approach in accordance with Recital 77.

      68. A small local company, such as a retailer, will usually carry out less complex processing operations than a large multinational retailer. While the requirements for the lawfulness of the processing operations are the same, the scope of data processing and its complexity must be taken into account; it follows that there is a need for certification mechanisms and their criteria to be scalable according to the processing activity inquestion.

      • Share:
      User Avatar
      Richard V

      Previous post

      Certification and identifying certification criteria in accordance with Articles 42 and 43 of the GDPR
      November 6, 2020

      Next post

      Certification and identifying certification criteria in accordance with Articles 42 and 43 of the GDPR
      November 6, 2020

      You may also like

      Children Safety Encryption www.privacad.com
      Apple’s New Step to Protect Child Abuse via Encryption Feature
      20 August, 2021
      DNA Technology and Privacy www.privacad.com
      DNA Technology Regulation Bill and Violation of Privacy for Minority Groups
      19 August, 2021
      www.privacad.com
      India accuses Twitter of not complying with new IT rules
      18 August, 2021

      Search

      Categories

      • Blog
      • Business
      • Design / Branding
      • Free Data Protection Resources
      • Nederlandse Privacy Academie
      • Uncategorized
      Facebook-f Linkedin-in

      © Privacad 2020

      For all your questions about courses

      students@privacad.com

      For all your questions about Privacad for business

      info@privacad.com

      Links

      • Courses
      • Become a GADPPRO Academy Official Training Entity
      • Resources
      • Free Data Protection Resources
      • Blog
      • Profile
      • Students Stewards Network (SSN)

      Support

      • Privacy Policy
      • Terms of Use
      • FAQs
      • Contact

      © GADPPRO Academy | Privacad 2023

      GADPPRO Academy 2023

      Login with your site account

      Lost your password?

      Not a member yet? Register now

      Register a new account

      Are you a member? Login now