Agencia española de protección de datos

The AEPD introduced alongside ENAC its certification scheme of delegates of data protection

  • The Agency becomes the first European Authority protection
  • The goal is to provide security and reliability both professionals of privacy as enterprises and entities that are going to incorporate the concept of DPD their organizations
  • Certifications are granted by entities accredited by ENAC, following certification criteria developed by the AEPD in collaboration with the sectors affected
  • The development of outline has enjoyed the participation of a technical committee of experts, including representatives of sectors and professional associations, business, universities and public administrations

(Madrid, 13 July 2017). The Spanish Agency of data protection (AEPD), in collaboration with the national accreditation Entity (ENAC), today introduced its Certification scheme of delegates of data protection . Its elaboration has enjoyed the participation of a technical committee of experts formed by 23 members, including representatives of sectors and professional associations, business, universities and Public administrations. The AEPD thus becomes the first European authority that performs a certification scheme of delegates of data protection (DPD).

The AEPD has chosen to promote a system of certification of DPD with the aim of providing security and reliability both professionals of privacy as enterprises and entities that are going to incorporate this figure their organizations, offering a mechanism that allows you to certify that the DPD together the professional qualifications and skills required. Certifications are granted by certification authorities duly accredited by ENAC, following criteria for accreditation and certification produced by the AEPD in collaboration with the sectors concerned.

Certification is not the only way to be DPD and in no case will be mandatory use a particular schema, while the agency has considered necessary to offer a reference point to the market on the contents and elements of a certification mechanism that can serve as for credit guarantee qualification and professional capacities candidates for Delegate of data protection.

“ to promote a certification system of delegates of data protection is a useful tool when assessing candidates to meet these positions professional qualifications and knowledge ”, has highlighted the director of the Spanish Agency of data protection, Mar España, during the presentation of outline, stressing “ the great importance of professionals of privacy as a key element for the development of a digital economy innovative and at the same time respects the rights of citizens ”. For its part, the director general of ENAC, Beatriz Rivera, has stressed that “ the accredited certification will bring to organizations that require a Delegate of data protection reliable information, transparent and symmetrical on professionals, allowing them to an informed choice and based on competences ”.

The certification scheme of delegates of data protection of the agency is divided into three parts: the AEPD as owner and responsible ENAC outline, as the requirements that must meet the certifiers, and finally the certification entities themselves. The Agency believes that this division is a factor of quality for the certification process, since the three separate entities with separate functions establish a relationship of trust and mutual responsibility.

The creation of this certification scheme of delegates of data protection of the AEPD is the starting point in a process of continuous improvement and constant revision that will be required replenish after its launch with practical experience of certifying and accrediting. In this regard, the agency and ENAC have signed a collaboration agreement to coordinate their actions within their respective activities and competences.

The delegate of data protection in the RGPD

The General rules of data protection (RGPD) , which applies on 25 May 2018, sets out a series of “ measures of active responsibility ” by those who seek data to safeguard the fundamental right of citizens. These include the compulsory appointment a delegate of data protection (DPD) in the case of public authorities and agencies, entities that make a routine and systematic observation of people on a large scale, and entities that have among its main activities treatment, also on a large scale, sensitive data. The DPD thus constitutes one of the key elements of adaptation to and a RGPD guarantor of compliance with the data protection regulations in organizations.

Global vocation certification scheme's DPD

Both the development of outline by AEPD as processes that certification entities will continue to evaluate the powers of DPD have established following the criteria of the international standard ISO / IEC 17024:2012. The backing and constant monitoring of ENAC, bring the confidence that will guarantee the global recognition these certifications.

This is possible thanks to multilateral agreements of recognition (MLA) that ENAC has signed in the International Accreditation Forum (IAF) and the manifest willingness ENAC of collaboration with the organization of European accreditors (European Accreditation) to continue pushing an accreditation infrastructure confidence that brings anywhere in the world.