Cross Border Transfer Mechanisms: Certifications



Certifications are yet another way that companies doing business in the EU can achieve cross-border transfers of personal data out of the EU. Businesses can also demonstrate compliance with GDPR by instituting a certification mechanism.

Member states, supervisory authorities, the EDPB or the Commission are required to encourage the establishment of certification mechanisms to enhance transparency and compliance with the Regulation.


Certification can be issued by Data Protection Authorities (DPAs) or accredited certification bodies. In keeping with the harmonization goal of GDPR, Art. 42 encourages an EU-wide outlook for certification schemes. As of yet, there are no credentialed certification bodies, which presents a huge economic opportunity to the organization that applies and is approved as a certification body.

Certification does not reduce a data controller's or processor's protection responsibilities. Controllers and processors are required to provide the certification body with all the necessary information and access to their processing activities to enable it to conduct the certification procedure.

Certifications will be valid for a maximum of three years. A certification can be withdrawn if you no longer meet its requirements, and the supervisory authority will be notified.

Failure to adhere to the standards of the certification scheme could result in an administrative fine of up to 10 million euros or 2 percent of your global turnover.

