The day after May, 25, 2018? Privacy Protection Day (PP-day)

The EU-wide privacy protection games shall start on May 25 2018.

And the bet is high!

What is the value of the advice from your privacy professionals to become compliant with the GDPR on PP-day?

Is your organization really compliant on the day after?

Certify your organization to be sure!

[42] Article 42 of the GDPR allows an organization collecting and / or processing personal data to be certified: “demonstrating compliance with the GDPR of processing operations by controllers and processors.”

What is ‘acting in accordance with the GDPR’?

[24] This is explained in more detail in Article 24 of the GDPR: “Taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the controller shall implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation.”

In Article 24 GDPR the accountability of the controller is specified.

What does the accountability relate to?

[5] This accountability is initially linked in Article 5 to the principles of the GDPR:

The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 [the principles] (‘accountability’). ”

In other words, acting in accordance with the GDPR means correct compliance with the specified and implemented principles of the GDPR in the organization.

What does the implementation of the principles referred to in Article 5 of the GDPR relate to?

[83] Article 83 indicates the sanctions that apply to the non-correct compliance of the GDPR:

Infringements of the following provisions shall, in accordance with paragraph 2, be subject to administrative fines up to 20 000 000 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher:

  • the obligations of the controller and the processor pursuant to Articles 8, 11, 25 to 39, and 42 and 43.”


“Breaches of the following provisions shall be subject to administrative fines up to EUR 20 000 000 in accordance with paragraph 2 or, for an enterprise, up to 4% of the total worldwide annual turnover in the previous accounting year if this figure is higher:

  • the basic principles for processing, including conditions for consent, pursuant to Articles 5, 6, 7 and 9;
  • the data subjects’ rights pursuant to Articles 12 to 22;
  • the transfers of personal data to a recipient in a third country or an international organization pursuant to Articles 44 to 49;”

What does certification relate to?

Certification GDPR concerns the ensuring and demonstration of correct compliance with the articles referred to in Article 83, which fall within the penalties.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.