How to get a certification mechanism approved?
Your organization has elaborated a certification mechanism and wishes to have its criteria approved by the CNIL, if it is national, or by the European Data Protection Board (EDPB), if it is a European project.
How does the CNIL support you?
The CNIL supports certification mechanism owners as soon as the development phase, in the context of a request for advice. The compliance tools department is by your side for any questions related to the approval procedure or the applicable methodology for certification under the GDPR. Contact the CNIL's compliance tools department here.
An initial exchange will allow you to ensure that the nature and scope of the proposed certification mechanism are fully compliant with the GDPR provisions and guidelines approved by the EDPB. Since the certification scheme owner drafts the criteria, and developing this tool takes several months, this initial support phase is crucial to ensure the proper direction of the work, both in terms of the certification scope and criteria accuracy. It is essential to anticipate that this support phase may last several months and involve numerous exchanges, depending on the quality of the file.
How to approve a national certification mechanism?
After submitting your request to the CNIL via the online service, an acknowledgment receipt will be sent if, after the initial review, your file is complete. A four-month period, extendable by two months, begins from the sending of this receipt.
- If your request concerns a certification mechanism established by the French Data Protection Act, the CNIL will process your application, which will then be submitted for approval by the Commission.
- If your request falls under Article 42 of the GDPR, the CNIL must forward your file to other European data protection authorities during the review process. An additional period of several months will be required to allow the exchange of information between the certification scheme owner, the CNIL, and its European counterparts.
Finally, the CNIL will approve your project.
Submit a Certification Mechanism to the CNIL
How to approve a European certification mechanism?
For EU Seal certifications, the initial steps for approving certification criteria are identical to those of a national certification. However, the final approval is carried out by the EDPB.
The EDPB's evaluation of certification criteria will focus particularly on their adaptation to national laws so that certification bodies can intervene in each member of the European Union.
Note: Certification mechanisms approved by the EDPB are available on the EDPB website.
