登录查看更多内容

GDPR certification clarifications by EDPB

Cesare Gallotti

Consultant in information security, Lead auditor ISO/IEC 27001, ISO 9001, ISO/IEC 20000; CISA, ITIL Expert, CBCI

发布日期: 2023年9月7日

European Data Protection Board issued some clarifications about the #GDPR #certification: https://edpb.europa.eu/our-work-tools/our-documents/letters/edpb-letter-accredia_en.

Text is very technical and more important for certification bodies than for organizations. Here my highlights:

EDPB repeats that its duty is to evaluate certification criteria, not the accreditation activities because this is the duty of national supervisory authorities;
the "scheme owner" can be a certification body (for Europrivacy, the scheme owner is Europrivacy itself);
the accreditation is required for each state (and by each relevant Supervisory authority or national accreditation body) where the certification body works; this can be difficult, considering that EU states are 27 and maybe in the future a mechanism will be implemented for ease this duty.

Infosec & Quality

2,219 位关注者

Giovanni Francescutti

Global Technical Manager

1 年

Dear Cesare, just a clarification. For point 3 EDPB writes: "Accreditation for a European Data Protection Seal shall occur in the Member State where the certification body intending to operate the scheme has its’ headquarters. Where other establishments or offices manage and perform certifications autonomously, each of these establishments or offices will require separate accreditation in the Member State where they are based". If the Certification body offices are in other establishments, but not acting autonomously (read: under the responsibility of the HQ dealing directly with Qualification, Technical Approval, Rules and Procedures, etc.), it is allowed to issue certificates in all member states using the HQ's Accreditation.

查看更多评论

要查看或添加评论，请登录

Cesare Gallotti的更多文章

Infosec & Quality newsletter ENG (March 2025)

2025年3月18日

Infosec & Quality newsletter ENG (March 2025)

****************************************************** Table of contents 01- Status of ISO/IEC 27xxx standards (privacy…
Infosec & Quality newsletter ITA (Marzo 2025)

2025年3月18日

Infosec & Quality newsletter ITA (Marzo 2025)

****************************************************** Indice 01- Stato degli standard ISO/IEC 27xxx (privacy e…

1 条评论
Infosec & Quality newsletter ITA (Febbraio 2025)

2025年2月18日

Infosec & Quality newsletter ITA (Febbraio 2025)

****************************************************** Indice 01- Novità normative: Aggiornamento legislativo 2025 02-…
Infosec & Quality newsletter ENG (February 2025)

2025年2月18日

Infosec & Quality newsletter ENG (February 2025)

****************************************************** Index 01- Legislation: European Commission and AI Act…
Infosec & Quality newsletter ENG (January 2025)

2025年1月20日

Infosec & Quality newsletter ENG (January 2025)

Table of contents 01- US Cyber Trust Mark Program 02- Legislation: Cyber resilience act 03- CISA Guide for Mobile…
Infosec & Quality newsletter ITA (Gennaio 2025)

2025年1月20日

Infosec & Quality newsletter ITA (Gennaio 2025)

Indice 01- Sull'incidente InfoCert 02- Rapporto annuale Polizia postale 03- US Cyber Trust Mark Program 04- Normativa:…

4 条评论
Infosec & Quality newsletter ITA (Dicembre 2024)

2024年12月17日

Infosec & Quality newsletter ITA (Dicembre 2024)

Indice 00- Auguri 01- Pubblicato il cyber resilience act (CRA) 02- ACN: Linee guida per il rafforzamento della…

1 条评论
Infosec & Quality newsletter ENG (December 2024)

2024年12月17日

Infosec & Quality newsletter ENG (December 2024)

****************************************************** Table of contents 00- Seasonal Greetings 01- Cyber Resilience…
Infosec & Quality newsletter ITA (Ottobre 2024)

2024年11月20日

Infosec & Quality newsletter ITA (Ottobre 2024)

Indice 01- NIS2: scadenza per la registrazione 02- NIS2: Implementing Regulation della Commissione 03- NIS2: ENISA…

1 条评论
Infosec & Quality newsletter ENG (November 2024)

2024年11月20日

Infosec & Quality newsletter ENG (November 2024)

Table of contents 01- NIS2: Commission Implementing Regulation 02- NIS2: ENISA Implementation guidance on NIS 2…

See all articles

GDPR certification clarifications by EDPB

Cesare Gallotti

Consultant in information security, Lead auditor ISO/IEC 27001, ISO 9001, ISO/IEC 20000; CISA, ITIL Expert, CBCI

Infosec & Quality

2,219 位关注者

Cesare Gallotti的更多文章

社区洞察

其他会员也浏览了

The General Data Protection Regulation (GDPR)...... Myths & Facts!

If Brexit Meets GDPR

General Data Protection Regulation (GDPR): Be prepared – not scared!

EU Commission report to EU Parliament and Council on General Data Protection Regulation 2016/679 (GDPR)

Are you GDPR ready?

GDPR: 6 Weeks to Get Your Data Compliant or Face Big Fines | Webinar + Q&A this Friday!

General Data Protection Regulation (GDPR) HACK

What is GDPR and how will it affect you?

GDPR - What You Need To Know (Infographic)

GDPR: How It Affects Our Business and Yours

Infosec & Quality

2,219 位关注者

Cesare Gallotti的更多文章

Infosec & Quality newsletter ENG (March 2025)

Infosec & Quality newsletter ITA (Marzo 2025)

Infosec & Quality newsletter ITA (Febbraio 2025)

Infosec & Quality newsletter ENG (February 2025)

Infosec & Quality newsletter ENG (January 2025)

Infosec & Quality newsletter ITA (Gennaio 2025)

Infosec & Quality newsletter ITA (Dicembre 2024)

Infosec & Quality newsletter ENG (December 2024)

Infosec & Quality newsletter ITA (Ottobre 2024)

Infosec & Quality newsletter ENG (November 2024)

社区洞察

其他会员也浏览了

The General Data Protection Regulation (GDPR)...... Myths & Facts!

If Brexit Meets GDPR

General Data Protection Regulation (GDPR): Be prepared – not scared!

EU Commission report to EU Parliament and Council on General Data Protection Regulation 2016/679 (GDPR)

Are you GDPR ready?

GDPR: 6 Weeks to Get Your Data Compliant or Face Big Fines | Webinar + Q&A this Friday!

General Data Protection Regulation (GDPR) HACK

What is GDPR and how will it affect you?

GDPR - What You Need To Know (Infographic)

GDPR: How It Affects Our Business and Yours