Certification and identifying certification criteria in accordance with Articles 42 and 43 of the GDPR
Guidelines 01/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the GDPR
ANNEX 1: TASKS AND POWERS OF SUPERVISORY AUTHORITIES IN RELATION TO CERTIFICATION IN ACCORDANCE WITH THE GDPR
| Provisions | Requirements |
Tasks | Article 43(6) | Requires the supervisory authority to make public the criteria referred to in Article 42(5) in an easily accessible form and transmit them to the Board. |
Article 57(1)(n) | Requires the supervisory authority to approve certification criteria pursuant to Article 42(5). | |
Article 57(1)(o) | Provides that where appropriate (i.e. where it issues certification), it shall carry out a periodic review of certification issued in accordance with Article 42(7). | |
Article 64(1)(c) | Requires the supervisory authority to communicate the draft decision to the Board, when it aims to approve the criteria for certification referred to in Article 42(5). | |
Powers | Article 58(1)(c) | Provides that the supervisory authority has the power to carry out reviews of certification pursuant to Article 42(7); |
Article 58(2)(h) | Provides that the supervisory authority has the power to withdraw or order the certification body to withdraw certification or order the certification body not to issue certification. | |
Article 58(3)(e) | Provides that the supervisory authority has the power to accredit certification bodies | |
Article 58(3)(f) | Provides that the supervisory authority has the power to issue certification and approve certification criteria. | |
Article 58(3)(e) | Provides that the supervisory authority has the power to accredit certification bodies. | |
Article 58(3)(f) | Provides that the supervisory authority has the power to issue certification and approve certification criteria. |