In May 2018, the General Data Protection Regulation (GDPR) was introduced, which some saw as a lucrative opportunity for businesses with data protection labels. Articles 42 and 43 of the GDPR are responsible for introducing certification processes for GDPR compliance across Europe for the first time. However, prior to commencing the certification process, accreditation from an official body is necessary. Germany lacked such a body for a considerable amount of time, but in 2021, the German Accreditation Body (DAkkS) was established.
In episode 82 of the c’t data protection podcast, lawyer Dr. Sebastian Kraska discusses the status of the German GDPR certification system. Hosts Holger Bleich and Heise legal advisor Joerg Heidrich question Kraska on the diverse range of certification options available, including the certification of people such as data protection officers or auditors. Furthermore, the discussion delves into the distinctions between product and management certifications, explaining how certification operates and where to apply for it.
In addition to detailing the various certification procedures, Kraska also highlights alternative products which do not certify GDPR compliance, such as those based on the recent ISO standard 27701. To access episode 82 of the c’t data protection podcast, click on the link provided.
