Certification and identifying certification criteria in accordance with Articles 42 and 43 of the GDPR

Paragraph 1.3.2  Certification mechanisms, seals and marks

18. The GDPR does not define “certification mechanisms, seals or marks” – and uses the terms collectively. A certificate is a statement of conformity. A seal or mark can be used to signify the successful completion of the certification procedure. A seal or mark commonly refers to a logo or symbol whose presence (in addition to a certificate) indicates that the object of certification has been independently assessed in a certification procedure and conforms to specified requirements, stated in normative documents such as regulations, standards or technical specifications. These requirements in the context of certification under the GDPR are set out in the additional requirements that supplement the rules for accreditation of certification bodies in EN-ISO/IEC 17065/2012 and the certification criteria approved by the competent supervisory authority or the Board. A certificate, seal or mark under the GDPR can only be issued following the independent assessment of evidence by an accredited certification body or competent supervisory authority, stating that the certification criteria have been satisfied.

19. The table provides a generic example of a certification process