EDPB adopts first opinion on certification criteria

Feb 2, 2022

Source: European Data Protection Board

The EDPB adopted its opinion on the GDPR-CARPA certification scheme submitted to the Board by the Luxembourg Supervisory Authority (SA). This is the first time that the EDPB adopts a consistency opinion on criteria for a nationwide certification scheme. The GDPR-CARPA certification scheme is a general scheme, which does not focus on a specific sector or type of processing. It includes requirements on data protection governance in the organisation surrounding the processing activities.

EDPB Chair, Andrea Jelinek, said: “This opinion is an important step towards greater GDPR compliance. The main aim of certification mechanisms is to help controllers and processors demonstrate compliance with the GDPR. Controllers and processors adhering to a certification mechanism also gain greater visibility and credibility, as it allows individuals to quickly assess the level of protection of the processing operations.”
The EDPB opinion aims to ensure the consistency and correct application of certification criteria among SAs in the European Economic Area. To this end, the EDPB considers that a number of changes need to be made to the draft certification criteria.

After approval by the SA, the certification mechanism will also be added to the register of certification mechanisms and data protection seals in accordance with Art. 42 (8) GDPR.

Note to editors:
The present certification is not a certification according to article 46(2)(f) of the GDPR meant for international transfers of personal data and therefore does not provide appropriate safeguards within the framework of transfers of personal data to third countries or international organisations.

All documents adopted during the EDPB Plenary are subject to the necessary legal, linguistic and formatting checks and will be made available on the EDPB website once these have been completed.

 

Recent news

EDPB calls for coherence of digital legislation with the GDPR

Brussels, 04 December - During its December 2024 plenary, the European Data Protection Board (EDPB) adopted a statement on the second report of the European Commission on the application of the General Data Protection Regulation (GDPR).* In its statement, the EDPB...

read more

EDPB stakeholder event AI models

The EDPB is holding a stakeholder event on “AI models” with participants representing European sector associations, organisations, NGOs, individual companies, law firms and academics.    During today’s event, the EDPB will collect input for of the preparation of a...

read more