ENISA report: Concepts and recommendations on European Data Protection Certification mechanisms
Yesterday, November 27th, ENISA published a report destined to familiarise data protection experts with the terminology of certification and to clarify concepts which are relevant to GDPR certification. The report identifies and analyses challenges and opportunities faced by data protection certification mechanisms, including seals and marks.
As of 25 May 2018, GDPR will be the main data protection legal framework in the EU and will be directly applicable to all EU Member States. GDPR will introduce provisions on certification to enhance the transparency of data controllers’ processing operations and the processors. The legislature also envisages a role of certification in assisting controllers and processors to demonstrate compliance with the regulation.
Thanks for that - it's going to be well worth a read. Those of us in otherwise unregulated industries may not be accustomed to organisational certification in the context of personal data. While the GDPR is rightly getting plenty of attention I imagine that most of us are focused on compliance and attestation. Satisfying a third party that we are in a good place may be another matter entirely. National regulators can I think expect to be lobbied by businesses on this topic!