The European Commission has released a study on GDPR data protection certification mechanisms. The study’s key takeaways include: the GDPR does not limit the subject matter to one specific area; valuable insight can be gained from analyzing existing certifications, assessment methodologies, contractual arrangements and audit processes in other industries; data protection authorities will need to rely on guidance and knowledge from other fields; several challenges around harmonization may arise if EU Member States adopt different accreditation models; and there is a structural lack of knowledge in the market regarding available technical standards relevant to data protection.
