On June 30, 2022, the European Data Protection Board published draft guidelines on certification as a tool for transfers. These guidelines complement the EDPB’s earlier guidelines on certification and identifying certification criteria.
These guidelines and the guidelines on codes of conduct as tools for transfers appear to be part of the EDPB’s broader response to the Schrems II decision issued by the Court of Justice of the European Union (“CJEU”), which invalidated the EU-US Privacy Shield framework. The approval of certification schemes expands the toolbox available under Art. 46 GDPR for lawfully transferring personal data outside the EEA.