Article 43 of the GDPR: Certification bodies
Summary
Article 43 of the GDPR defines the conditions for accreditation of certification bodies that issue GDPR compliance certifications. These organizations play an essential role in the objective evaluation of data processing.
Article 43 of the GDPR explained
For an organization to be able to issue GDPR certifications, it must:
- Be accredited by the supervisory authority (e.g. CNIL) or by a national accreditation body;
- Meet defined criteria (competence, independence, impartiality, transparency...);
- Submit all of its evaluation criteria and procedures for approval;
- Submit to regular checks by the supervisory authority.
The certifications issued must in no way reduce the liability of the data controller.
Why is this article important for your GDPR compliance?
Certification issued by an accredited organization allows you to guarantee the reliability of your compliance process. It reinforces the credibility of the evaluation carried out and offers official recognition of your commitments.
How to comply with Article 43 of the GDPR?
- Verify that the certification body is accredited according to the criteria of Article 43;
- Find out about the benchmarks used and the evaluation procedures;
- Anticipate future audits and controls;
- Integrate this approach into your GDPR governance.
Examples of application of Article 43 of the GDPR
- A company obtains Europrivacy certification issued by an accredited body according to the rules of Article 43;
- A company refuses a false GDPR certification because the organization was not recognized;
- A subcontractor chooses a standard certified by an accredited organization to prove its conformity.