Journal of Information Security Research ›› 2021, Vol. 7 ›› Issue (11): 1071-.
解彦曦1) 张 弛2)
Abstract: As personal information protection has developed, the need for data protection certification has become increasingly prominent. Valuable lessons can be drawn from the data protection certification mechanisms introduced by the General Data Protection Regulation (GDPR) and from their practice. This article investigates and analyzes the framework of GDPR certification, including its legal basis, purpose, and the distribution of roles in data protection certification mechanisms. It then outlines the certification and accreditation mechanisms under Articles 42 and 43 of the GDPR, summarizes the progress of GDPR certification, and discusses aspects of the data protection certification mechanisms that need to be further specified. Based on this analysis, the article takes into account China's actual situation in personal information protection and puts forward suggestions for researching and establishing a personal information protection certification system.
Key words: GDPR, EU, certification, accreditation, data protection
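Abstract (translated from the Chinese): As work on personal information protection advances, the demand for related certification has become increasingly prominent. The data protection certification system set out in the EU General Data Protection Regulation (GDPR) and the related practice can serve as an important reference. The paper analyzes the framework of the GDPR certification system, including its legal basis, function, and the roles involved, outlines its certification and accreditation mechanisms, and summarizes the progress of the certification system and the main issues that still need to be studied and clarified. Based on this analysis, and in light of the actual state of personal information protection work in China, the paper puts forward suggestions for researching and establishing a personal information protection certification system.
Key words (translated from the Chinese): General Data Protection Regulation, EU, certification, accreditation, data protection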
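解彦曦, 张弛. Research on the data protection certification system of the EU General Data Protection Regulation [J]. Journal of Information Security Research, 2021, 7(11): 1071-.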
URL: http://www.sicris.cn/EN/
http://www.sicris.cn/EN/Y2021/V7/I11/1071