EDPB Guidelines on certification as a transfer tool

Guidelines 07/2022 on certification as a tool for transfers

The Guidelines focus on certification as a new mechanism for international data transfers.These guidelines are divided into four parts, beginning with general guidance on using certification as a transfer tool, including the roles of data exporters and importers and the process for obtaining certification. The second part details accreditation requirements for certification bodies, while the third part provides specific criteria for certification mechanisms, covering aspects like third-country legislation assessment, obligations of exporters and importers, and rules on onward transfers. The fourth part discusses binding and enforceable commitments required from controllers or processors outside the GDPR's jurisdiction to provide appropriate safeguards. An annex offers examples of supplementary measures for using certification in data transfers.