The EDPB has recently published its Addendum to Guidelines 1/2018 on certification and identifying certification criteria per Articles 42 and 43 GDPR and, on this basis, conducted a public consultation process. One key question has been how a scheme must specify the GDPR-provisions with respect to a predefined processing operation. Promoters of general schemes argue that general schemes are more flexible and cost-saving. To the contrary, promoters of specific schemes argue that specific schemes are actually more cost-saving and, above all, are the only way to effectively increase transparency and an EU-wide consistent application of the GDPR. The proposed panel gives an overview of the certification schemes approved so far by Data Protection Authorities or the EDPB and evaluates them against the regulatory objectives of Articles 42 and 43 GDPR.
• What are the regulatory objectives of Articles 42 and 43 GDPR?
• What are the pros and cons of general and specific certification schemes?
• What schemes have been approved by data protection authorities/EDPB so far?
• How far do these certification schemes meet the regulatory objectives?