The Bavarian DPA Issues Paper on Certifications Under the GDPR
On June 22, 2016, the Bavarian Data Protection Authority (DPA) issued a short paper on certifications under Article 42 of the General Data Protection Regulation (GDPR). The GDPR will become effective on May 25, 2018. This paper is part of a series of papers that the Bavarian DPA will be issuing periodically on specific topics of the GDPR to inform the public about what topics are being discussed within the DPA. The DPA emphasizes that these papers are non-binding. The GDPR allows DPAs to issue data protection certifications to companies. According to the Bavarian DPA, such certifications would allow companies to demonstrate that their data processing activities comply with the requirements of the GDPR, however, certified companies must still comply with the law and can be subject to supervision by DPAs. The Bavarian DPA believes that certification under the GDPR has great potential and can provide clarity as to whether data processing operations comply with legal requirements under data protection law.