Accreditation of certification bodies under Article 43 GDPR

Guidelines 4/2018 on the accreditation of certification bodies under Article 43 of GDPR

Section 1
Introduction
Section 2
Scope of the guidelines
Section 3
Interpretation of ‘accreditation’ for the purposes Article 43 of the GDPR
Section 4
Accreditation in accordance with Article 43 (1) GDPR
Section 4.1
Role for Member States
Section 4.2
Interaction with Regulation EC (765/2008)
Section 4.3
The role of the national accreditation body
Section 4.4
The role of the supervisory authority
Section 4.5
Supervisory authority acting as certfication body
Section 4.6
Accreditation requirements
Section Annex 1
Annex 1
Section 0 Annex 1
Prefix
Section 1 Annex 1
Scope
Section 2 Annex 1
Normative Reference
Section 3 Annex 1
Terms and Definitions
Section 4 Annex 1
General Requirements for Accreditation
Section 4.1 Annex 1
Legal and contractual matters
Paragraph 4.1.1 Annex 1
Legal responsibility
Paragraph 4.1.2 Annex 1
Certification agreement (“CA”)
Paragraph 4.1.3 Annex 1
Use of data protection seals and marks
Section 4.2 Annex 1
Management of impartiality
Section 4.3 Annex 1
Liability and financing
Section 4.4 Annex 1
Non-discriminatory conditions
Section 4.5 Annex 1
Confidentiality
Section 4.6 Annex 1
Publicly available information
Section 5 Annex 1
Structural Requirements, Article. 43(4) (“Proper” Assessment)
Section 5.1 Annex 1
Organisational structure and top management
Section 5.2 Annex 1
Mechanisms for safeguarding impartiality
Section 6 Annex 1
Resource Requirements
Section 6.1 Annex 1
Certification body personnel
Section 6.2 Annex 1
Resources for evaluation
Section 7 Annex 1
Process Requirements, Article 43(2)(C),(D)
Section 7.1 Annex 1
General
Section 7.2 Annex 1
Application
Section 7.3 Annex 1
Application review
Section 7.4 Annex 1
Evaluation
Section 7.5 Annex 1
Review
Section 7.6 Annex 1
Certification decision
Section 7.7 Annex 1
Certification documentation
Section 7.8 Annex 1
Directory of certified products
Section 7.9 Annex 1
Surveillance
Section 7.10 Annex 1
Changes affecting certification
Section 7.11 Annex 1
Termination, reduction, suspension or withdrawal of certification
Section 7.12 Annex 1
Records
Section 7.13 Annex 1
Complaints and appeals, article 43 (2)(d)
Section 8 Annex 1
Management System Requirements
Section 8.1 Annex 1
General management system requirements
Section 8.2 Annex 1
Management system documentation
Section 8.3 Annex 1
Controle of documents
Section 8.4 Annex 1
Controle of records
Section 8.5 Annex 1
Management Review
Section 8.6 Annex 1
Internal audits
Section 8.7 Annex 1
Corrective actions
Section 8.8 Annex 1
Preventive actions
Section 9 Annex 1
Further Additional Requirments
Section 9.1 Annex 1
Updating of evaluation methods
Section 9.2 Annex 1
Maintaining expertise
Section 9.3 Annex 1
Responsibilities and competencies
Paragraph 9.3.1 Annex 1
Communication between CB and its customers
Paragraph 9.3.2 Annex 1
Documentation of evaluation activities
Paragraph 9.3.3 Annex 1
Management of complaint handling
Paragraph 9.3.4 Annex 1
Management of withdrawal
author avatar
Privacy Professor

Professor mr drs Romeo F. Kadir MA MSc LLM LLM (Adv) EMBA EMoC

At present Romeo Kadir serves as the President of the Global Association of Data Protection Professionals Europe (GADPPRO). GADPPRO is a thought leader self-regulatory association of data protection professionals based in the European Union, active around the globe and the first European Association of data protection professionals open for members outside the EU. Please visit www.gadppro.org for more information.

First appointed Data Protection Officer (DPO) ever in the Netherlands (European Union) at a semi-public entity. Seasoned European Privacy and Data Protection Expert (22+ years of practical experience in EU Privacy and Data Protection Law, Business Management, Compliance and Ethics).

Studied European and International Law, Political Sciences and Business Administration. Romeo Kadir is EIPACC EADPP Professor European Privacy & Data Protection Law at Universitas Padjadjaran UNpad (Indonesia) and Honorary Visiting Research Fellow with O.P. Jindal Global University (New Delhi), Senior Associate Fellow with Vidhi Centre for Legal Policy (New Delhi), Lecturer Science Honours Academy and Lecturer at the International Molengraaff Institute, Utrecht University (UU, Netherlands). In 2010 he was founder of the first European Data Protection Academy focusing on privacy-only executive education.

Present Occupations in European Data Protection Law

Member of the International Bar Association (IBA)
Member of the International Board of Experts with EuroPrivacy Certification Scheme (Geneva and Luxembourg)
Member of the International Strategic Board with EuroPrivacy Certification Scheme (Geneva and Luxembourg)
Member of the Swiss-Chinese Law Association (SCLA)

Former Occupations in European Data Protection Law

President European Institute for Privacy, Audit, Compliance & Certification (EIPACC)
Co-Founder/Vice-President European Association for Data Protection Professionals (EADPP)
Chair EADPP Certification Committee Data Protection Professionals,
Chair EADPP Academic Board
Chair EADPP Expert Committee on Cybersecurity
Chair EADPP Expert Committee on Artificial Intelligence (AI)
President Supervisory Board of the Dutch Privacy Complaints Office (NPKI)
Rapporteur to UN Monitoring Commission Human Rights on behalf of the Dutch Privacy Foundation (SPN)

Publications

'Handbook DPO - A Practical Guide', Privacy Publishing Group (2017)
Editor-in-Chief of ‘Data Protection Dictionary’, authored, edited and coordinated ‘Handbook for the Data Protection Officer – A practical Guide’, ‘The Ultimate GDPR Business Guide – Six Volumes’ and other relevant books in the field of privacy and data protection (www.dataprotectionbooks.com)

www.romeokadir.eu

You may also like

Children Safety Encryption www.privacad.com
Apple’s New Step to Protect Child Abuse via Encryption Feature
20 August, 2021
DNA Technology and Privacy www.privacad.com
DNA Technology Regulation Bill and Violation of Privacy for Minority Groups
19 August, 2021
www.privacad.com
India accuses Twitter of not complying with new IT rules
18 August, 2021