§ GDPR · Article 42
GDPR Article 42: Obligations, Deadlines & Penalties
At a glance
Article 42 of the GDPR imposes 3 obligations on Member States, controllers, processors and 3 other entity type(s).
§ Obligations
All obligations under Article 42
Obligation 1
Member States, supervisory authorities, the Board, and the Commission shall encourage the establishment of data protection certification mechanisms, seals, and marks to demonstrate compliance.
Regulation (EU) 2016/679, Article 42, Article 42
- Obligated entity
-
Member States, supervisory authorities, the Board, the Commission
- Action required
-
encourage
- Deadline
-
—
- Penalty
-
—
Obligation 2
The specific needs of micro, small, and medium-sized enterprises shall be taken into account when establishing certification mechanisms.
Regulation (EU) 2016/679, Article 42, Article 42
- Obligated entity
-
Member States, supervisory authorities, the Board, the Commission
- Size threshold
- micro, small and medium-sized enterprises
- Action required
-
take into account
- Deadline
-
—
- Penalty
-
—
Obligation 3
Controllers or processors not subject to the Regulation but using certification for international transfers shall make binding and enforceable commitments to apply appropriate safeguards.
Regulation (EU) 2016/679, Article 42, Article 42
- Obligated entity
-
controllers, processors
- Action required
-
make commitments
- Deadline
-
—
- Penalty
-
—
- Exemptions
- controllers or processors subject to this Regulation
§ Frequently asked
Questions about Article 42
Who must comply with Article 42 of the GDPR?
+
Member States, controllers, processors, supervisory authorities, the Board, the Commission.
What does Article 42 of the GDPR require?
+
encourage take into account make commitments