Certification as a Trusted Mechanism for Cross-border Data Transfers

In April 2026, the European Data Protection Board is expected to open the GDPR certification to non-European countries, including the Asia-Pacific region, and provide a new mechanism for international data transfers. The GDPR makes 73 references to certification, more than all other GDPR mechanisms — SCC, BCR and CC — combined.

The session will present this new mechanism and the difference between a regular Art. 42 GDPR certification delivered outside of Europe and the Art. 46 certification for Data Importers. It will introduce the complementarity with other global certification schemes such as ISO 27701, CBPR and interoperability mechanisms (i.e. Interprivacy). It will share lessons learned from the first wave of European Data Protection Seals delivered in Europe, their impact on risk, accountability and value-creation for certified applicants. It will also compare its reliability and ability to assess effective compliance in comparison to other GDPR mechanisms. This session will combine different stakeholders’ perspectives, including authorities from Europe and Asia, certification bodies and scheme owners.

What you will learn:

• The latest changes and applicability of GDPR certification to Asia-Pacific countries.

• How do the GDPR certification and European Data Protection Seal work under Art. 42 and 46.  

• The impact and legal effect of GDPR certification to support accountability, facilitate in-ternational data transfers, reduce risks and value compliance.