The European Data Protection Board published its first opinion regarding certification schemes, responding to a submission from Luxembourg’s National Commission for Data Protection on its EU General Data Protection Regulation Certified Assurance Report-based Processing Activities. The GDPR-CARPA contains requirements that certification bodies have to fulfill in order to be granted the accreditation by the CNPD. EDPB Chair Andrea Jelinek called the opinion "an important step towards greater GDPR compliance," while noting controllers and processors can "gain greater visibility and credibility" by submitting to such certification mechanisms.
EDPB adopts opinion on Luxembourg certification scheme
RELATED STORIES
A view from DC: Our data, ourselves
Notes from the IAPP Canada: Privacy law teaching, training and turkey
Notes from the Asia-Pacific region: Quiet, contemplation follows introduction of initial Australia Privacy Act reforms
A view from Brussels: Trans-Atlantic transfers deal gets thumbs-up as adequacy remains a strategic priority
US courts, regulators weigh in on online tracking in health care