Apart from just showing internally that you are compliant with the law, many companies are also looking for more public ways to confirm that they are meeting their data protection obligations. The GDPR offers various options to do so: adherence to a (sectoral) code of conduct, the development of Binding Corporate Rules or certification.
Articles 42 and 43 GDPR allow for the development of certification mechanisms, seals and trust marks to demonstrate compliance with the provisions of the Regulation. In addition, the GDPR offers non-EU data controllers the possibility to certify their privacy program to assert that they have implemented appropriate safeguards for data protection. This specific certification would allow for data transfers, even when no adequacy decision is in place. Nymity currently has a research project ongoing that looks into the various elements of GDPR certification.
During this webinar, we will look at both past and current certification mechanisms across the world and discuss lessons learned, based on our research project. Next, we will look ahead at what certification mechanisms under the GDPR could look like and why companies should consider certifying their privacy programs or their privacy technology. This will include the question of whether, and to what extent, Binding Corporate Rules could be regarded as a form of certification. Finally, we will discuss with representatives of the Article 29 Working Party what their guidance on the use of certifications under the GDPR could entail.
Nymity Director of EU Certification Research and Senior Solutions Advisor and former Senior International Officer, Dutch DPA
GDPR Webinar Series 2017