Certification mechanisms will enable organisations to demonstrate compliance to other organisations through the use of data protection seals or marks. They might also demonstrate the existence of appropriate safeguards for practices required under data protection regulation, such as international data transfers.
Certification mechanisms must remain voluntary and by their nature, will be a measure based upon the time of certification and will be limited to a maximum period of three years. The certification can be withdrawn if the terms are no longer being met.
Certifications for International Data Transfer
Transferring data internationally requires either the receiving country to be deemed adequate or appropriate safeguards to be in place. One such set of safeguards are certification mechanisms.
At the time of writing, few approved certification mechanisms exist, therefore there is a limited opportunity available to apply this safeguard.