Meaningful certification mechanisms can enhance compliance with the GDPR and transparency for data subjects and in business to business (B2B) relations, for example between controllers and processors. Data controllers and processors will benefit from an independent third-party attestation for the purpose of demonstrating compliance of their processing operations.
The General Data Protection Regulation (Regulation (EU) 2016/679) provides a modernised, accountability and fundamental rights based compliance framework for data protection in Europe. A range of measures to facilitate compliance with the provisions of the GDPR are central to this new framework. These include mandatory requirements in specific circumstances (including the appointment of Data Protection Officers and carrying out data protection impact assessments) and voluntary measures such as codes of conduct and certification mechanisms.
The EDPB acknowledges that the purpose of accreditation is to provide an authoritative statement of the competence of a body to perform certification (conformity assessment activities).
Accreditation in terms of the GDPR is to be understood to mean the following: an attestation by a national accreditation body and/or by a supervisory authority that a certification body is qualified to carry out certification pursuant to Articles 42 and 43 GDPR, taking into account ISO/IEC 17065/2012 and the additional requirements established by the supervisory authority and/or by the Board.
Any organization, company, business or other public or private body can be certified against the requirements set out in EIPACC Standard CS-21000. Only certifying bodies acknowledged by EIPACC are allowed to certify against EIPACC Standard CS-21000. After completing the EIPACC training 'EIPACC Standard CS-2100 Certification', designed specifically for certifying bodies, ISO/IEC 17065 (or otherwise) accredited certification bodies automatically qualify for EIPACC acknowledgement as a certification body.
If you are a certifying body (whether or not accredited as per ISO/IEC 17065) and you are interested in data protection certification of your clients (any organization, company, business or other public or private body) as per the EIPACC Standard CS-21000, please submit the form below and our EIPACC Accreditation Team will get back to you at its earliest convenience.
© 2021 | European Institute for Privacy Audit, Compliance & Certification (EIPACC)