At the beginning of July, our founder and CEO, Prof. Bauer, held a webinar about the status of data protection certificates according to Art. 42 GDPR. Prof. Bauer introduced the requirements and functionalities of data protection certificates, discussed the pros and cons, and presented possible alternatives.
The key findings:
- Very high requirements for accreditation
- Only a few certification bodies accredited so far
- Data protection certificates according to Art. 42 GDPR are therefore only offered by a few certification bodies.
- Some limitations: only specific data processing activities can be certified.
- Risks regarding the legal certainty of the requirements, e.g., implementation of all “working papers” and further recommendations of data protection authorities (statements, guidelines, etc.) is necessary.
- There is a lack of simpler solutions for “low-risk” data processing and solutions for SMEs and new technologies.
- The very long and complex process of certificate recognition leads to a complex and costly operation of certification bodies and correspondingly high costs for applicants.
“Free” data protection seals offer an alternative:
- “Free” or “private” seals are possible, have had a proven track record for many years, and are widely used.
- As a comprehensive report, they achieve much more than what is usually documented in organizations. Useful as proof of GDPR compliance (except Art. 42) and highly effective for marketing purposes.
- Broader scope of application (also for management systems, platforms).
- Sensible area of application (more flexible design for SMEs and new technologies, etc.).
- Significantly cheaper and faster certification process.
If you would like to have a look at the presentation or need further information or details, please feel free to contact us.