Why the certification process defined in the General Data Protection Regulation cannot be successful

Eric Lachaud

doi:10.1016/j.clsr.2016.07.001

Why the certification process defined in the General Data Protection Regulation cannot be successful

Eric Lachaud

LTMS, home of Tilt and Tilec

Research output: Contribution to journal › Article › Scientific › peer-review

Abstract

Abstract
This paper analyses the final version of Articles 42 and 43 dedicated to the certification procedures in the General Data Protection Regulation (hereinafter GDPR). It questions the introduction of this procedure in the data protection regulation framework and argues that the purposes assigned to the certification in the GDPR meet the needs of the different contributors to the preliminary discussions to the reform. It also argues that the processes defined in Articles 42 and 43 to issue the certification diverge from the commonly accepted practices in this activity and the processes suggested in the new regulation impede its chance to be successfully implemented.

Original language	English
Pages (from-to)	814-826
Number of pages	13
Journal	Computer Law and Security Review
Volume	32
Issue number	6
DOIs	https://doi.org/10.1016/j.clsr.2016.07.001
Publication status	Published - 1 Dec 2016

Fingerprint

data protection

Data privacy

certification

regulation

reform

Data protection

Certification

Keywords

Certification
certification mechanisms
GDPR

Cite this

Lachaud, E. (2016). Why the certification process defined in the General Data Protection Regulation cannot be successful. Computer Law and Security Review, 32(6), 814-826. https://doi.org/10.1016/j.clsr.2016.07.001

Lachaud, Eric. / Why the certification process defined in the General Data Protection Regulation cannot be successful. In: Computer Law and Security Review. 2016 ; Vol. 32, No. 6. pp. 814-826.

@article{4b6093c04f7144f1b7ba3e4715d241b6,

title = "Why the certification process defined in the General Data Protection Regulation cannot be successful",

abstract = "AbstractThis paper analyses the final version of Articles 42 and 43 dedicated to the certification procedures in the General Data Protection Regulation (hereinafter GDPR). It questions the introduction of this procedure in the data protection regulation framework and argues that the purposes assigned to the certification in the GDPR meet the needs of the different contributors to the preliminary discussions to the reform. It also argues that the processes defined in Articles 42 and 43 to issue the certification diverge from the commonly accepted practices in this activity and the processes suggested in the new regulation impede its chance to be successfully implemented.",

keywords = "Certification, certification mechanisms, GDPR",

author = "Eric Lachaud",

year = "2016",

month = "12",

day = "1",

doi = "10.1016/j.clsr.2016.07.001",

language = "English",

volume = "32",

pages = "814--826",

journal = "Computer Law and Security Review",

issn = "0267-3649",

publisher = "ELSEVIER ADVANCED TECHNOLOGY",

number = "6",

}

Lachaud, E 2016, 'Why the certification process defined in the General Data Protection Regulation cannot be successful', Computer Law and Security Review, vol. 32, no. 6, pp. 814-826. https://doi.org/10.1016/j.clsr.2016.07.001

Why the certification process defined in the General Data Protection Regulation cannot be successful. / Lachaud, Eric.

In: Computer Law and Security Review, Vol. 32, No. 6, 01.12.2016, p. 814-826.

Research output: Contribution to journal › Article › Scientific › peer-review

TY - JOUR

T1 - Why the certification process defined in the General Data Protection Regulation cannot be successful

AU - Lachaud, Eric

PY - 2016/12/1

Y1 - 2016/12/1

N2 - AbstractThis paper analyses the final version of Articles 42 and 43 dedicated to the certification procedures in the General Data Protection Regulation (hereinafter GDPR). It questions the introduction of this procedure in the data protection regulation framework and argues that the purposes assigned to the certification in the GDPR meet the needs of the different contributors to the preliminary discussions to the reform. It also argues that the processes defined in Articles 42 and 43 to issue the certification diverge from the commonly accepted practices in this activity and the processes suggested in the new regulation impede its chance to be successfully implemented.

AB - AbstractThis paper analyses the final version of Articles 42 and 43 dedicated to the certification procedures in the General Data Protection Regulation (hereinafter GDPR). It questions the introduction of this procedure in the data protection regulation framework and argues that the purposes assigned to the certification in the GDPR meet the needs of the different contributors to the preliminary discussions to the reform. It also argues that the processes defined in Articles 42 and 43 to issue the certification diverge from the commonly accepted practices in this activity and the processes suggested in the new regulation impede its chance to be successfully implemented.

KW - Certification

KW - certification mechanisms

KW - GDPR

U2 - 10.1016/j.clsr.2016.07.001

DO - 10.1016/j.clsr.2016.07.001

M3 - Article

VL - 32

SP - 814

EP - 826

JO - Computer Law and Security Review

JF - Computer Law and Security Review

SN - 0267-3649

IS - 6

ER -

Lachaud E. Why the certification process defined in the General Data Protection Regulation cannot be successful. Computer Law and Security Review. 2016 Dec 1;32(6):814-826. https://doi.org/10.1016/j.clsr.2016.07.001

Access to Document

10.1016/j.clsr.2016.07.001