Guidelines 01/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the GDPR
SECTION 14 OVERALL EVALUATION OF CRITERIA
a. Do the criteria fully cover the scope of the certification mechanism (i.e. comprehensive criteria) to provide sufficient guarantees so that the certification can be trusted?
Example: If the scope of the certification mechanism focuses on health processing operations, a high level of data protection should be guaranteed by defining criteria that ensure, for instance, an in-depth assessment and the application of privacy-by-design and privacy-by-default principles.