Certification and liability of the data controller
This paper aims to analyse a tool of the so-called “soft law”, that is the certification in the field of data protection. Art. 42, paragraph 2 of EU Regulation 2016/679 defines certification as voluntary. However, it is, more appropriately, a regulated certification, since it is based on rules issued by official institutions: particularly, certification criteria are approved by the competent authority or by the Board.