First “European Privacy Certificate” approved by EDPB (10.10.2022)
The European Data Protection Board (EDPB) has approved the Europrivacy criteria for certification as the “European Data Protection Seal”(common certification) under Article 42 (5) of the GDPR.
With the certificate, companies can now evaluate and formally approve their data processing compliance, and Europrivacy certificates will be officially recognised in all EU countries.
Certifications are important mechanisms defined in the GDPR as they enable controllers and processors to demonstrate compliance with GDPR.
🌿 This is significant because, up until now, the Commission has not officially approved a certification that reflects the requirements and GDPR principles.
Europrivacy certification mechanism-My Highlights
The Europrivacy certification mechanism is a general scheme as it targets a wide range of processing operations performed by controllers and processors from various sectors of activity.
👉🏻 The primary criteria of this certification mechanism consist of “Core criteria” and “TOMs checks and controls” concerning the technological and organisational measures in place to protect the personal data being processed.
The criteria include “complementary contextual checks and controls” for the domain and technology specific requirements.
👉🏽 The Europrivacy certification mechanism does not cover international personal data transfers and will not provide adequate protection for transfers to third or international countries.
👉🏾The Europrivacy certification mechanism excludes the processing of genetic data. As a result, genetic data processing will be excluded from the Board’s evaluation of the criteria.
👉🏿The criteria require respective measures to be put in place when dealing with DSARs(Data Subject Access Requests), and I am excited to learn more about this since there are so many different approaches and issues around DSARs.
🐹 All applicants must appoint a Data Protection Officer (DPO), even though Article 37 of the GDPR doesn’t require one all the time.
As a result, EDPB considers Europrivacy certification criteria consistent with GDPR and will make it common certification (European Data Protection Seal) by registering in the public register of certification mechanisms and data protection seals and marks pursuant to Article 42(8).
⭐️ I think this is fantastic news because now controllers and processors will have a standardised and approved set of rules to apply and show their compliance to data subjects, consumers, partners, stakeholders, etc.
💡The EDPB reminds controllers and processors that certificates are voluntary accountability tools and that adhering to a certificate mechanism does not reduce their responsibility to comply with GDPR or prevent supervisory authorities from exercising their mandates.
🐹 Follow Me on Linkedin:
Follow Databulls:
Some of my other articles:
#privacy #gdpr #compliance #certificate #mechanism #seal #europrivacy #eu #edpb #controller #processor #data #datasecurity #breach #technology