Utilizziamo cookie tecnici per personalizzare il sito web e offrire all’utente un servizio di maggior valore. Chiudendo il banner e continuando con la navigazione verranno installati nel Suo dispositivo i cookie tecnici necessari ai fini della navigazione nel Sito. L’installazione dei cookie tecnici non richiede alcun consenso da parte Sua. Ulteriori informazioni sono contenute nella nostra Cookie Policy.



Industry certificates of data processing compliance

PrintMailRate-it

published on 24 January 2024 | reading time approx. 3 minutes


The President of the Polish Personal Data Protection Office has approved the additional requirements for accreditation of certification bodies. Certification bodies, which check the compliance of data processing activities of data controllers and processors, may get accreditation pursuant to the above-mentioned document. The accreditation will aim at improving transparency and observance of data protection standards taking account of the industry's specificity. Certification bodies will issue certification to applicants from various industries. The certification will be voluntary and will confirm the highest standard of compliance with data protection laws.

The certification process checks the compliance of data processing operations with the certification criteria approved by the supervisory authority. 

The additional requirements for accreditation of certification bodies have been signed after positive feedback from the European Data Protection Board. The document has been developed on the basis of Guidelines 4/2018 on the accreditation of certification bodies under Article 43 of the General Data Protection Regulation (2016/679).

Certification in Poland will be done by certification bodies accredited by the Polish Accreditation Centre (PAC). The accreditation will be done pursuant to ISO/IEC 17065/2012 and the additional requirements for accreditation of certification bodies just approved by the President of the Personal Data Protection Office.

The Personal Data Protection Office has stated that the applicants will be allowed to develop the certification mechanisms, including the certification criteria, to account for their industry specificity.

 Universal data protection standards are not always sufficient. Guidance that accounts for industry specificity is often needed. Such detailed criteria verified by a certification body may help protect personal data better, which is the ultimate goal.

Pursuant to Article 12(1) of the Polish Personal Data Protection Act of 10 May 2018, bodies that seek data protection certification rights referred to in Article 43 GDPR will be accredited by the Polish Accreditation Centre. Accreditation will be granted according to the rules set out in Article 43(1)–(7) GDPR. 

The approval and publication of the additional requirements for accreditation of certification bodies does not mean that those seeking certification may right away apply to the PAC for the accreditation referred to in the General Data Protection Regulation. First, the market has to create certification mechanisms, including the certification criteria referred to in Article 42(5) GDPR because accreditation will follow a specific certification mechanism.

 DATA PROTECTION BITES

author

Contact Person Picture

Aneta Siwek

Attorney at Law

+48 32 721 23 94

Invia richiesta

 RÖDL & PARTNER POLAND

Discover more about our offices in Poland. Read more »
Deutschland Weltweit Search Menu