
Tag Archives for "certification"

The road to GDPR certifications won’t be a short one

The EU General Data Protection Regulation has been in effect for five months, and yet there has not been much progress on the certification front. Companies are waiting to see what form certification will look like under Articles 42 and 43 of the GDPR, and tech vendors are coming out with solutions to help organizations display their GDPR compliance efforts in the interim.

While GDPR certifications have not yet appeared, plenty of regulatory bodies have come out with guidance on the subject. With all the guidance that’s emerged from global regulatory bodies, there remains controversy surrounding GDPR certifications. Under Article 42 of the GDPR, certification mechanisms will be issued to data controllers and processors.

Full article: The road to GDPR certifications won’t be a short one, it seems

Fido Alliance adds a biometrics certification program to help fight spoofing 

In a move aimed at upping standards across biometric user verification systems, the industry consortium, Fido Alliance, has launched a certification program for biometrics systems.

The goal of the Biometric Certification Component Program is to provide a framework for the certification of biometric subsystems that can in turn be integrated into FIDO Certified authenticators. While biometric verification systems such as fingerprint readers have been pretty widely adopted in the mobile space already, there hasn’t been a standardized way to validate the accuracy and reliability of biometric recognition systems in the commercial marketplace.

Source: Fido Alliance adds a biometrics certification program to help fight spoofing | TechCrunch

EU Cybersecurity Plan Aims to Create Single Product Certification

Companies could get products like smart medical devices and connected cars certified by the same standards across all European Union member states, under a proposal currently being negotiated.

The Council of the EU June 8 agreed on its position about the proposal. That allows for future negotiations with the European Parliament. The Council and Parliament will then need to agree on a final text for it to become law.

Source: EU Cybersecurity Plan Aims to Streamline Product Certification | Bloomberg Law

GDPR certifications come into focus with EDPB guidance

Last week, on GDPR Day, as the law finally came into force, the newly minted European Data Protection Board shed some light on these questions and more with newly released guidance on certifying and identifying certification criteria in accordance with Articles 42 and 43 (there are also “codes of conduct” mentioned in the GDPR alongside certifications, but they aren’t addressed in this guidance).

Source: GDPR certifications come into focus with EDPB guidance

The case for mandatory cybersecurity and privacy certifications

Currently, it is the key question of cybersecurity and privacy strategic policy. The European Union is going through an overhaul of its privacy and cybersecurity regulatory frameworks. New regulations appear with remarkable frequency.

Source: The case for mandatory cybersecurity and privacy certifications

Certification and liability of the data controller

This paper aims to analyse a tool of the so-called “soft law”, that is the certification in the field of data protection. Art. 42, paragraph 2 of EU Regulation 2016/679 defines certification as voluntary. However, it is, more appropriately, a regulated certification, since it is based on rules issued by official institutions: particularly, certification criteria are approved by the competent authority or by the Board.

Source: Certification and liability of the data controller

EU privacy seal providers eagerly await official GDPR guidance

There should ideally be a pan-European accreditation for “privacy seal” providers when the General Data Protection Regulation comes into effect, one such provider, EuroPriSe, has argued. Articles 42 and 43 of the GDPR introduce official recognition for “certification bodies” that issue seals and marks to companies, so that they can demonstrate their adherence to EU privacy standards.

Source: EU privacy seal providers eagerly await official GDPR guidance
