
Tag Archives for "certification"

Cybersecurity certification gets an EU revamp

A new EU Regulation on cybersecurity promises a more coordinated approach across Europe. The new law will set up a framework for the establishment of European cybersecurity certification schemes.

The intention is to prevent “certification shopping” based on different levels of stringency among member states. Certification will be voluntary initially, but regular assessments will be carried out to determine whether certification of particular products or services should become compulsory.

Source: Cybersecurity certification gets an EU revamp

European Commission Releases Study on GDPR Data Protection Certification Mechanisms

The European Commission has published a final report, “Data Protection Certification Mechanisms: Study on Articles 42 and 43 of the Regulation (EU) 2016/679”.

The overall aim of the study is to support the establishment of data protection certification mechanisms and of data protection seals and marks pursuant to Articles 42 and 43 GDPR.

More specifically, the purpose of the assignment is to: i) accompany the establishment of data protection certification mechanisms and of data protection seals and marks pursuant to Art. 42 and 43 GDPR and ii) collect all relevant information for the Commission in view of the possible implementation of Art. 43(8) GDPR on the requirements for the data protection certification mechanisms and of Article 43(9) GDPR on the technical standards for certification mechanisms and data protection seals and marks, and for mechanisms to promote and recognise those certification mechanisms, seals and marks.

Read report: Data Protection Certification Mechanisms: Study on Articles 42 and 43 of the Regulation (EU) 2016/679

The road to GDPR certifications won’t be a short one

The EU General Data Protection Regulation has been in effect for five months, and yet there has not been much progress on the certification front. Companies are waiting to see what form certification will look like under Articles 42 and 43 of the GDPR, and tech vendors are coming out with solutions to help organizations display their GDPR compliance efforts in the interim.

While GDPR certifications have not yet appeared, plenty of regulatory bodies have come out with guidance on the subject. With all the guidance that’s emerged from global regulatory bodies, there remains controversy surrounding GDPR certifications. Under Article 42 of the GDPR, certification mechanisms will be issued to data controllers and processors.

Full article: The road to GDPR certifications won’t be a short one, it seems

CNIL releases ‘DPO logo’ for at-a-glance recognition

In order to acknowledge the quality of the DPO designated by a data controller, the CNIL has recently released a DPO logo available for internal and external communications of DPOs whose designation has been notified to the CNIL.

Source: CNIL releases ‘DPO logo’ for at-a-glance recognition

Fido Alliance adds a biometrics certification program to help fight spoofing 

In a move aimed at upping standards across biometric user verification systems, the industry consortium, Fido Alliance, has launched a certification program for biometrics systems.

The goal of the Biometric Certification Component Program is to provide a framework for the certification of biometric subsystems that can in turn be integrated into FIDO Certified authenticators. While biometric verification systems such as fingerprint readers have been pretty widely adopted in the mobile space already, there hasn’t been a standardized way to validate the accuracy and reliability of biometric recognition systems in the commercial marketplace.

Source: Fido Alliance adds a biometrics certification program to help fight spoofing | TechCrunch

EU Cybersecurity Plan Aims to Create Single Product Certification

Companies could get products like smart medical devices and connected cars certified by the same standards across all European Union member states, under a proposal currently being negotiated.

The Council of the EU June 8 agreed on its position about the proposal. That allows for future negotiations with the European Parliament. The Council and Parliament will then need to agree on a final text for it to become law.

Source: EU Cybersecurity Plan Aims to Streamline Product Certification | Bloomberg Law

GDPR certifications come into focus with EDPB guidance

Last week, on GDPR Day, as the law finally came into force, the newly minted European Data Protection Board shed some light on these questions and more with newly released guidance on certifying and identifying certification criteria in accordance with Articles 42 and 43 (there are also “codes of conduct” mentioned in the GDPR alongside certifications, but they aren’t addressed in this guidance).

Source: GDPR certifications come into focus with EDPB guidance

The case for mandatory cybersecurity and privacy certifications

Currently, it is the key question of cybersecurity and privacy strategic policy. The European Union is going through an overhaul of its privacy and cybersecurity regulatory frameworks. New regulations appear with remarkable frequency.

Source: The case for mandatory cybersecurity and privacy certifications

Certification and liability of the data controller

This paper aims to analyse a tool of the so-called “soft law”, that is the certification in the field of data protection. Art. 42, paragraph 2 of EU Regulation 2016/679 defines certification as voluntary. However, it is, more appropriately, a regulated certification, since it is based on rules issued by official institutions: particularly, certification criteria are approved by the competent authority or by the Board.

Source: Certification and liability of the data controller
