Certification and identifying certification criteria in accordance with Articles 42 and 43 of the GDPR

Guidelines 01/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the GDPR

SECTION 14  OVERALL EVALUATION OF CRITERIA

a.   Do the criteria fully cover the scope of the certification mechanism (i.e. comprehensive criteria) to provide sufficient guarantees so that the certification can be trusted?

  • Example: If the scope of the certification mechanism focuses on health processing operations, a high level of data protection should be guaranteed by defining criteria that ensure, for instance, an in-depth assessment and the application of privacy-by-design and privacy-by-default principles.

b.   Are the criteria commensurate with the size of the processing operation being addressed by the scope of the certification mechanism, the sensitivity of information and the risk of processing?

c.   Are the criteria likely to improve data protection compliance of controllers and processors?

d.   Will data subjects benefit in respect of their information rights, including explaining desired outcomes to data subjects?

author avatar
Richard V

You may also like

Children Safety Encryption www.privacad.com
Apple’s New Step to Protect Child Abuse via Encryption Feature
20 August, 2021
DNA Technology and Privacy www.privacad.com
DNA Technology Regulation Bill and Violation of Privacy for Minority Groups
19 August, 2021
www.privacad.com
India accuses Twitter of not complying with new IT rules
18 August, 2021