Guidelines 01/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the GDPR
Section 1.2 The purpose of certification under the GDPR
11. Article 42(1) provides that certification mechanisms shall be established “for the purpose of demonstrating compliance with this Regulation of processing operations by controllers and processors”.
12. The GDPR exemplifies the context in which approved certification mechanisms may be used as an element to demonstrate compliance with obligations of the controllers and processors concerning:
the implementation and demonstration of appropriate technical and organisational measures as referred to in Articles 24 (1), (3), 25, and 32 (1), (3);
sufficient guarantees (processor to controller) as referred to in paragraphs 1 and (sub-processor to processor) 4 of Article 28 (5).