Article 42: Certification

Article 42.01

1 The Member States, the supervisory authorities, the Board and the Commission shall encourage, in particular at Union level, the establishment of data protection certification mechanisms and of data protection seals and marks, for the purpose of demonstrating...

Article 42.02

1 In addition to adherence by controllers or processors subject to this Regulation, data protection certification mechanisms, seals or marks approved pursuant to paragraph 5 of this Article may be established for the purpose of demonstrating the existence...

Article 42.03

The certification shall be voluntary and available via a process that is transparent.

Article 42.04

A certification pursuant to this Article does not reduce the responsibility of the controller or the processor for compliance with this Regulation and is without prejudice to the tasks and powers of the supervisory authorities which are competent pursuant...

Article 42.05

1 A certification pursuant to this Article shall be issued by the certification bodies referred to in  Article 43  or by the competent supervisory authority, on the basis of criteria approved by that competent supervisory authority pursuant to  Article 58...

Article 42.06

The controller or processor which submits its processing to the certification mechanism shall provide the certification body referred to in Article 43 , or where applicable, the competent supervisory authority, with all information and access to its ...

Article 42.07

1 Certification shall be issued to a controller or processor for a maximum period of three years and may be renewed, under the same conditions, provided that the relevant criteria continue to be met. 2 Certification shall be withdrawn, as applicable, ...

Article 42.08

The Board shall collate all certification mechanisms and data protection seals and marks in a register and shall make them publicly available by any appropriate means.