Select your nation of interest

Home

Some companies that have chosen us

Privacy Officer and Privacy Consultant
CDP Scheme according to ISO/IEC 17024:2012
European Privacy Auditor
ISDP©10003 Certification Scheme according to ISO/IEC 17065:2012
Auditor
According to standard UNI 11697:2017
Lead Auditor ISO/IEC 27001:2022
According to standard ISO/IEC 17024:2012
Data Protection Officer
According to standard ISO/IEC 17024:2012
Anti-Bribery Lead Auditor Expert
According to standard ISO/IEC 17024:2012
ICT Security Manager
According to standard UNI 11506:2017
IT Service Management (ITSM)
According to the ITIL Foundation
Ethical Hacker (CEH)
According to the EC-Council
Network Defender (CND)
According to the EC-Council
Computer Hacking Forensics Investigator (CHFI)
According to the EC-Council
Penetration Testing Professional (CPENT)
According to the EC-Council

Professional qualifications

Stay up-to-date with world news!

Select your topics of interest:

News

Home / News
/
LITHUANIAN SUPERVISORY AUTHORITY: EU supervisory authorities meet on the practice of assessing certification criteria under the General Data Protection Regulation

LITHUANIAN SUPERVISORY AUTHORITY: EU supervisory authorities meet on the practice of assessing certification criteria under the General Data Protection Regulation

22-24 November 2023

A workshop of the EU Member States’ personal data protection supervisory authorities on the evaluation of certification criteria/certification schemes took place in Luxembourg within the Compliance, E-government and Health Expert Subgroup of the European Data Protection Board (EDPB), in the framework of the consistency mechanism under the General Data Protection Regulation (GDPR).

This workshop is a follow-up to a similar workshop held in Madrid in March. The first workshop assessed various aspects of the evaluation of certification schemes that have been the most controversial in practice, thus aiming to ensure a uniform evaluation mechanism across the European Economic Area (EEA). In Luxembourg, issues related to the transfer of personal data to third countries were addressed.

Please note that certification under the GDPR is relevant in two cases, i.e. it can be one of:

  • accountability (recital 100 of the preamble to the GDPR and Article 5(2)) as a means of demonstrating compliance with the GDPR by the controller or processor. In this case, certification is governed by Article 42 of the GDPR, or
  • tools (safeguards) for the transfer of personal data to third countries to ensure that the level of protection applied to personal data transferred outside the EEA is not reduced. In this case, certification is governed by Article 46(2)(f) GDPR.

The workshop covered issues related to both certification schemes under Article 42 of the GDPR (where the scheme aims to certify processing operations involving the transfer of personal data to third countries, in which case the compliance of the entity providing the personal data with the requirements set out in Chapter V of the GDPR is assessed) and under Article 46 of the GDPR (where the certification scheme is essentially aimed at demonstrating the adequacy of the protection of personal data in the third country of the entity receiving personal data in line with the GDPR).

The workshop in Luxembourg was attended by Ms Margarita Valčiukė, Counsellor of the Legal Department of the DPAI, and Ms Lina Klimavičienė, Senior Specialist. Ms Valčiukė was the coordinator of two of the workshop topics. The seminar participants examined particular aspects of the application of these issues in practice in working groups, one of which was moderated by a representative of the DPAI.

https://vdai.lrv.lt/lt/naujienos/es-prieziuros-institucijos-susitiko-del-bendrajame-duomenu-apsaugos-reglamente-numatytos-sertifikavimo-kriteriju-vertinimo-praktikos/

Redazione
29 November 2023

Recommended to you

ROMANIAN SUPERVISORY AUTHORITY: Sanction for violation of the GDPR

6 March, 2025

LATVIAN SUPERVISORY AUTHORITY: A list of processing operations that are not required to be...

6 March, 2025

ICELANDIC SUPERVISORY AUTHORITY: Arion Bank hf.’s processing of personal data for marketing purposes and...

6 March, 2025

GERMAN SUPERVISORY AUTHORITY: BfDI participates in Europe-wide review of the right to erasure

5 March, 2025

DANISH SUPERVISORY AUTHORITY: EDPB launches coordinated action on the right to erasure

5 March, 2025

Vulnerability in Apache Tomcat (AL04/241217/CSIRT-ITA)

4 March, 2025

ROMANIAN SUPERVISORY AUTHORITY: Sanction for violation of the GDPR

4 March, 2025

CISCO Product Updates (AL01/230112/CSIRT-ITA)

4 March, 2025

Android Security Updates (AL02/250304/CSIRT-ITA)

4 March, 2025

Vulnerability in Progress WhatsUp Gold (AL02/240627/CSIRT-ITA) – Update (AL02/240627/CSIRT-ITA)

4 March, 2025

ManageEngine: vulnerability fixed (AL01/250304/CSIRT-ITA)

4 March, 2025

Mautic: Public PoC for CVE-2024-47051 Exploitation (AL02/250303/CSIRT-ITA)

3 March, 2025

CANADIAN SUPERVISORY AUTHORITY: seeks Federal Court order requiring Pornhub operator to comply with Canadian...

3 March, 2025

Security Updates for Synology Products (AL01/250303/CSIRT-ITA)

3 March, 2025

7-Zip vulnerability fixed (AL02/250122/CSIRT-ITA)

28 February, 2025

Vulnerability in PostgreSQL (AL01/250214/CSIRT-ITA)

28 February, 2025

ITALIAN SUPERVISORY AUTHORITY: Fetus Cemetery: Sanctioned the Municipality of Brescia

28 February, 2025

 ITALIAN SUPERVISORY AUTHORITY: a credit rehabilitation company fined for 70 thousand euros

28 February, 2025

ITALIAN SUPERVISORY AUTHORITY: Fetus Cemetery: Sanctioned the Municipality of Brescia

28 February, 2025

ITALIAN SUPERVISORY AUTHORITY: ok to telemedicine with more guarantees for personal data

28 February, 2025

Advanced Research