1 Scope
This document specifies baseline requirements intended to support the data protection
certification mechanism requested by Article 42 of the GDPR to demonstrate compliance
in accordance with EN ISO/IEC 17065.
It does not, however, apply to products or management systems destined for processing
personal data.
This document is applicable to all organizations which, as personal data controllers
and/or processors, process personal data, and its objective is to provide a set of
requirements supporting such organizations in demonstrating compliance with the EU
personal data protection normative framework.
This document is applicable to all of an organization’s processing activities or to
a specific subset of these if such a decision does not involve failure to conform
with the EU personal data protection normative framework.
This document also provides indications for conformity assessment with the aforementioned
requirements.