European Union: Luxemburg Supervisory Authority requests opinion on GDPR-CARPA certification scheme from European Data Protection Board

On 1 October 2021, the Luxemburg Supervisory Authority (SA) requested an opinion from the European Data Protection Board (EDPB) on its General Data Protection Regulation Certified Assurance Report based on Processing Activities (GDPR-CARPA). The GDPR-CARPA represents a general scheme that contains specific requirements regarding data protection governance and criteria that have to be met by organizations that wish to act as processors and controllers of GDPR compliance. The certification scheme has to be approved by the EDPB in order to be included in the register of certification mechanisms and data protection seals in line with the GDPR.