Accreditation of certification bodies of compliance with the GDPR: The Garante Privacy establishes the additional requirements

Absence of conflicts of interest, suitable staff training, management of complaints, periodic checks on certified services and products. These are some of the requirements set by the Garante for the Protection of Personal Data for the accreditation of certification bodies that may attest compliance with the European General Data Protection Regulation (GDPR) by companies and bodies that process personal data in order to offer specific products or services.

The European Regulation provides that certifications concerning personal data protection are issued by bodies accredited to carry out this function. In Italy, the legislator has assigned the accreditation task to Accredia. Accreditation must be based on the requirements set out in the international technical standard EN-ISO/IEC 17065:2012 and on additional requirements established by the national privacy authority, following a common model defined by the European Data Protection Board (EDPB).

The Garante's measure containing these additional requirements was adopted after a favorable opinion issued by the EDPB. It establishes that Accredia must verify that certification bodies meet criteria of honorability, independence and impartiality, attesting to the absence of conflicts of interest with those seeking certification.

In addition, certifiers will need to be staffed with qualified and constantly up-to-date staff, adopt appropriate complaints management processes and implement regular surveillance procedures on certified products, processes and services.

Additional specific requirements identified by the Garante relate to the certification agreements concluded by the certification bodies with their customers. These agreements must, for example, contain clauses that ensure full transparency about the activity carried out by the controller or processor of the certified processing.

The Authority stresses that certification is an important element in terms of accountability – because it attests, through independent bodies, to the commitment to comply with GDPR by the company or the institution that obtains it – and contributes to increasing users’ confidence in the management of their personal data.

The Authority also recalls, however, that certification does not exhaust the compliance obligations under the GDPR and, in any case, leaves the supervisory tasks and powers of the Garante unaffected.

SOURCE: FEDERPRIVACY
