Guidelines on certification and identifying certification criteria

The primary aim of these guidelines is to identify overarching criteria that may be relevant to all types of certification mechanisms issued in accordance with Articles 42 and 43 of the GDPR. To this end, the guidelines:

  • explore the rationale for certification as an accountability tool;
  • explain the key concepts of the certification provisions in Articles 42 and 43; and
  • explain the scope of what can be certified under Articles 42 and 43 and the purpose of certification.