Draft criteria for certification and accreditation issued

The Office for Personal Data Protection has issued a draft and is currently awaiting comments and suggestions from the professional public. Read on to find out how complicated it could be to obtain a data protection certificate or accreditation for certification. And speak up if you have constructive comments.

A few days ago, the official Draft Criteria for Data Protection Certification and Accreditation under Regulation (EU) 2016/697 of the European Parliament and of the Council was released. It is currently out for public consultation. The Authority is accepting any comments until 20 January 2018.

The comments received will be used by the Authority at the WP29 Working Group in the near future to inform the preparation of the WP29 Guidelines on accreditation and certification issues.

The provisional date for the publication of these WP29 guidelines is set as February 2018. Following this, and taking into account the final form of the procedural rules for accreditation in the Personal Data Processing Act, the material will be further modified and supplemented with specific requirements relating to a particular area, process or technology of personal data processing.