Certification of the processing of personal data
A certificate intended to demonstrate that the processing of personal data by the controller or the processor complies with the provisions of the data protection legislation may be granted.
Certification is not mandatory, but only a voluntary means for companies, governments and others who work with personal data to demonstrate that data protection laws are being followed in the processing.
Certification does not reduce the obligation of those who process personal data to comply with the provisions of the data protection legislation. On the contrary, it is intended to ensure and demonstrate that this is done. Certification does not affect the statutory tasks and powers of the Data Protection Authority.
Certification issuer
Certification bodies accredited by the Achievement Area of the Intellectual Property Office may provide certification on the basis of criteria approved by the Data Protection Authority or the European Data Protection Supervisory Authority.
Duration of certification
Certification is issued to the controller or processor for a maximum period of three years at a time. It may be renewed on the same terms if the criteria for certification are still fulfilled. However, the Data Protection Authority or the certification bodies shall revoke certification if the criteria for certification are not fulfilled.
