June 20, 2022
At its 66th plenary session on 14/15 June 2022, the EDPB adopted guidelines on certification as a tool for transfers.
Article 46(2)(f) of the GDPR introduces approved certification mechanisms as a new tool to transfer personal data to third countries in the absence of an adequacy agreement. The main purpose of the EDPB guidelines is to provide further clarification on the practical use of this transfer tool.
The guidelines are composed of four parts, each focusing on specific aspects regarding certification as a tool for transfers:
- the purpose and scope and the different actors involved;
- implementing guidance on accreditation requirements for certification bodies;
- specific certification criteria for the purpose of demonstrating the existence of appropriate safeguards for transfers; and
- the binding and enforceable commitments to be implemented.
The guidelines complement EDPB guidelines 1/2018 on certification, which provide more general guidance on certification. Once published, the guidelines will be subject to public consultation until the end of September 2022. To read the EDPB’s announcement in full, click here.