DATA PROTECTION
CNIL: consultation for a data processor certification scheme.
The French data protection authority, CNIL, has launched a consultation for a data processor certification scheme under GDPR, open to European organizations that process personal data on behalf of a data controller.
CNIL highlighted that any organizations established in Europe that processes personal data on behalf of a data controller will be eligible to apply for the certification. Small and medium-sized enterprises are encouraged to apply. Processors' obligations apply to all organizations that process data on behalf of a data controller, and may include: IT service providers;software integrators; IT security companies; digital service companies that have access to data; marketing or communication companies.
The certification is designed to be generalist, covering a wide range of data processing activities, and includes 90 control points across five parts, from contracting to action plans during the three-year certification period. Small and medium-sized enterprises are particularly encouraged to apply, and public feedback is invited until February 28, 2025.
CNIL highlighted that any organizations established in Europe that processes personal data on behalf of a data controller will be eligible to apply for the certification. Small and medium-sized enterprises are encouraged to apply. Processors' obligations apply to all organizations that process data on behalf of a data controller, and may include: IT service providers;software integrators; IT security companies; digital service companies that have access to data; marketing or communication companies.
The certification is designed to be generalist, covering a wide range of data processing activities, and includes 90 control points across five parts, from contracting to action plans during the three-year certification period. Small and medium-sized enterprises are particularly encouraged to apply, and public feedback is invited until February 28, 2025.
