The certificate is issued by the Chairman of the Personal Data Protection Office or certifying bodies (Art. 15 Data Protection Act). The Chairman will publish the criteria of certification mentioned in Art. 42(5) GDPR (Art. 16 Data Protection Act; the criteria are not available yet).
Application for certification
An application for certification must contain the following information: the name of the applying entity and its address, the information confirming the fulfillment of the certification criteria and the indication of the scope of requested certification (Art. 17(1) Data Protection Act). It is possible to apply in paper form or electronically (Art. 17(3) Data Protection Act). The SA must examine the application within 3 months (Art. 18 Data Protection Act).
The SA is authorized to carry out the inspections to assess the organization’s compliance with the certification criteria (Art. 24 Data Protection Act).