Pursuant to Article 15 of the Data Protection Act, any person with an intention to become a certification body pursuant to the GDPR must be certified by the special body designated to act as a “certification office” pursuant to Act No. 22/1997 Coll. on technical requirements of the products. In the Czech Republic, the certification office is the Czech Institute for Accreditation.
The Czech Data Protection Authority published a Q&A about the certification procedure (in Czech).
The most significant information is that controllers or processors interested in becoming certified cannot get a certificate at this moment because the Czech Data Protection Authority has not published a relevant document specifying the criteria for certification. The Czech Data Protection Authority will inform the public about certification possibilities as soon as the certification scheme is ready.
