European Union: Adopted EDPB Guidelines 07/2022 on certification as a tool for transfers

On 14 February 2023, the European Data Protection Board (EDPB) adopted the “Guidelines 07/2022 on certification as a tool for transfers”. The main purpose of the Guidelines is to provide guidance on the application of Article 46 (2) (f) of the GDPR on transfers of personal data to third countries and international organisations through the mechanism of certification. The Guidelines supplement the already existing general Guidelines 1/2018. In particular, the Guidelines list specific certification criteria regarding adequate safeguards for transfer, including the assessment of target country legislation, exporters' and importers' general obligations, and rules on onward transfers, among others. Furthermore, the Guidelines provide elements that should be addressed in the binding commitments made by controllers or processors not subject to the GDPR to esure appropriate safeguards for data transferred to third countries.