/Docs/G/EU-GDPR-Law-CmA/Sec/Article/42.md
  Source views: Source JSON(ish) on GitHub (VSCode)   Doc views: Document (&k=r00t): Visual Print Technical: OpenParameters Xray
Ti = Article 42 - Certification
1.sec = The Member States, the {_supervisory_authorities}, the {_Board} and the Commission shall encourage, in particular at Union level, the establishment of data protection certification mechanisms and of data protection seals and marks, for the purpose of demonstrating compliance with this Regulation of {_processing} operations by {_controllers} and {_processors}. The specific needs of micro, small and medium-sized enterprises shall be taken into account.
2.sec = In addition to adherence by {_controllers} or {_processors} subject to this Regulation, data protection certification mechanisms, seals or marks approved pursuant to paragraph 5 of this Article may be established for the purpose of demonstrating the existence of appropriate safeguards provided by {_controllers} or {_processors} that are not subject to this Regulation pursuant to Article 3 within the framework of {_personal_data} transfers to third countries or {_international_organisations} under the terms referred to in point (f) of Article 46(2). Such {_controllers} or {_processors} shall make binding and enforceable commitments, via contractual or other legally binding instruments, to apply those appropriate safeguards, including with regard to the rights of {_data_subjects}.
3.sec = The certification shall be voluntary and available via a process that is transparent.
4.sec = A certification pursuant to this Article does not reduce the responsibility of the {_controller} or the {_processor} for compliance with this Regulation and is without prejudice to the tasks and powers of the {_supervisory_authorities} which are competent pursuant to Article 55 or 56.
5.sec = A certification pursuant to this Article shall be issued by the certification bodies referred to in Article 43 or by the competent {_supervisory_authority}, on the basis of criteria approved by that competent {_supervisory_authority} pursuant to Article 58(3) or by the {_Board} pursuant to Article 63. Where the criteria are approved by the {_Board}, this may result in a common certification, the European Data Protection Seal.
6.sec = The {_controller} or {_processor} which submits its {_processing} to the certification mechanism shall provide the certification body referred to in Article 43, or where applicable, the competent {_supervisory_authority}, with all information and access to its {_processing} activities which are necessary to conduct the certification procedure.
7.sec = Certification shall be issued to a {_controller} or {_processor} for a maximum period of three years and may be renewed, under the same conditions, provided that the relevant requirements continue to be met. Certification shall be withdrawn, as applicable, by the certification bodies referred to in Article 43 or by the competent {_supervisory_authority} where the requirements for the certification are not or are no longer met.
8.sec = The {_Board} shall collate all certification mechanisms and data protection seals and marks in a register and shall make them publicly available by any appropriate means.
= [G/Z/ol/s8]