On 25 May 2020, the European Data Protection Board (EDPB) issued its opinions on draft decisions of certain national supervisory authorities on certification and code of conduct monitoring bodies’ accreditation requirements. This includes opinions on the draft decisions from supervisory authorities in:

  • Finland, Germany, Ireland, and Italy, on the approval of the requirements for accreditation of a code of conduct monitoring body under article 41 of the General Data Protection Regulation (GDPR)
  • The Czech Republic, Germany, and Ireland, on the approval of the requirements for accreditation of a certification body under article 43(3) of the GDPR

Continue Reading EDPB publishes opinions on draft decisions of Data Protection Authorities on the accreditation of certification bodies and code of conduct monitoring bodies

At its eleventh plenary session on 4 June 2019 in Brussels, the European Data Protection Board (EDPB) adopted final versions of (1) the Guidelines 1/2019 on codes of conduct and monitoring bodies under Regulation 2016/679, (2) annex 2 to the Guidelines on certification criteria in accordance with Articles 42 and 43 of the Regulation 2016/679

The UK’s Information Commissioner’s Office (ICO) has published new guidance on certification and codes of conduct for data processing as well as expected timetables for finalising its revised guidelines on these topics.

Certification

Certification is a voluntary mechanism for organisations to validate their compliance with the General Data Protection Regulation 2016/679 (GDPR). Once the submissions