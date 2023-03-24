When the General Data Protection Regulation (GDPR) came into effect in May 2018, some sensed the big business with data protection labels. Articles 42 and 43 of the GDPR enabled Europe-wide harmonized certification processes for the first time: It should be possible to check products and services for GDPR compliance.

But before certification providers can start, they must be accredited by an official body in accordance with the GDPR. And it was precisely at such a point that Germany was missing for a long time. 2021 has the German Accreditation Body (DAkkS) started their work. Episode 82 of the c’t data protection podcast is about the state of the German GDPR certification system.

dr Sebastian Kraska podcasting in his office at Munich’s Viktualienmarkt

Editor Holger Bleich and Heise legal advisor Joerg Heidrich have a say Attorney Dr. Sebastian Kraska. The data protection specialist has been dealing with all the shallows of certification for years and chats a little out of the box in the episode. Together with Kraska, Bleich and Heidrich go through all possible forms, starting with ways to certify people, such as data protection officers or auditors.

Then Kraska explains the differences between product and management certifications. He describes how certification works and where you can apply for it. It is also about alternative products that are based, for example, on the fairly new ISO standard 27701, but do not certify GDPR conformity.

Episode 82:

