CERTIFICATION
Personal data processing according with GDPR
Approved certification mechanisms

According to art. 24 of GDPR (Obligations of the controller), taking into account the nature, scope, context and purposes of processing as well as the risk of violating the rights and freedoms of natural persons with varying probability and severity of threat, the controller implements appropriate technical and organizational measures to ensure that the processing takes place in accordance with the GDPR and must be in order to demonstrate this. These measures are reviewed and updated as necessary. Application of the approved certification mechanism referred to in art. 42 GDPR, may be used as an element to determine the controller’s compliance with his obligations.

In order to ensure compliance with the requirements of the GDPR in the event of entrusting the processing of personal data, the controller should, when entrusting processing activities to a processor, use the services of only processors that provide sufficient guarantees – in particular in terms of expertise, reliability and resources – of implementing technical and organizational requirements that meet the requirements of the GDPR, including processing security requirements. The use of an approved certification mechanism by the processor may serve as an element to demonstrate compliance with the controller’s obligations.

The “Privacy By Design” Team provides support to national and international organizations located in and outside the EEA in the process of certification, in accordance with the approved certification mechanism referred to in art. 42 GDPR!!!