A new role for certifications?

By | Friday June 19th, 2015

The Regulation provides for the possibility for Data Controllers and Data Processors to use certification, i.e. services designed to provide reliable evidence of compliance in terms of data protection (definition, implementation and review of appropriate measures).

Regarding the Processor, the text provides that the guarantees that the Processor must provide to be appointed as such “may be demonstrated by adherence to codes of conduct or certification mechanism pursuant”.

The legislation does not require the Controllers certification duties but gives them the right to use such warranty.

The Regulation also provides for the possibility for the Supervisory Authority to accredit external auditors with specialized skills.

Following certification, the Controller and the Processor will be given a standardized seal of Data Protection (“European Data Protection Seal”).

The certification will become a valid tool only if the rules that the Supervisory Authority will establish, will be clear, precise, detailed and will also define how to achieve the requirements of certification.

Tool of certification, however, could be suitable to simplify the responsibilities of Controllers about the selection of reliable partners.

Therefore it is necessary that, in respect of the experience of certification in other areas, the procedures for implementing the same services are regulated in more precise and thorough manner.

Category: Open Forum

About Andrea Reghelin

Andrea Reghelin is senior compliance manager at Partners4Innovation. He holds a specialization in business organization and information technology, and is an attorney. He deals with corporate compliance, in particular with new technologies law (privacy, IT controls, IT contracts, etc..) and business crime prevention (Legislative Decree no. 231/2001, safety at work and environment), mainly providing consulting support at complex organizations. He is lecturer at several educational events, as well as author of articles and contributions, published in professional journals

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.