ShareEmailLinkedInXWhatappsFacebook
feedback
Share

What is the difference between regular GDPR certification and Art. 46 certification?

The GDPR contains 73 references to certification, more than all references to other mechanisms such as SCC, BCR and CC.

𝐓𝐡𝐞 𝐆𝐃𝐏𝐑 𝐝𝐢𝐟𝐟𝐞𝐫𝐞𝐧𝐭𝐢𝐚𝐭𝐞𝐬 𝐭𝐰𝐨 𝐤𝐢𝐧𝐝𝐬 𝐨𝐟 𝐜𝐞𝐫𝐭𝐢𝐟𝐢𝐜𝐚𝐭𝐢𝐨𝐧:
• 📘 𝐑𝐞𝐠𝐮𝐥𝐚𝐫 𝐆𝐃𝐏𝐑 𝐜𝐞𝐫𝐭𝐢𝐟𝐢𝐜𝐚𝐭𝐢𝐨𝐧 𝐮𝐧𝐝𝐞𝐫 𝐀𝐫𝐭. 𝟒𝟐 𝐆𝐃𝐏𝐑
• 🌍 𝐆𝐃𝐏𝐑 𝐜𝐞𝐫𝐭𝐢𝐟𝐢𝐜𝐚𝐭𝐢𝐨𝐧 𝐮𝐧𝐝𝐞𝐫 𝐀𝐫𝐭. 𝟒𝟔 𝐆𝐃𝐏𝐑 

While both articles, Art. 42 and 46 GDPR refer to each other, they aim at different applications. 

Art. 42 provides the general requirements applicable to GDPR certification schemes and criteria.
Art. 43 specifies the rules applicable to certification bodies delivering such certification. 

𝐓𝐨𝐠𝐞𝐭𝐡𝐞𝐫, 𝐭𝐡𝐞𝐲 𝐩𝐫𝐨𝐯𝐢𝐝𝐞 𝐚 𝐜𝐥𝐞𝐚𝐫 𝐟𝐫𝐚𝐦𝐞𝐰𝐨𝐫 𝐟𝐨𝐫 𝐆𝐃𝐏𝐑 𝐜𝐞𝐫𝐭𝐢𝐟𝐢𝐜𝐚𝐭𝐢𝐨𝐧. 

For simplicity, this can be referred to as 𝐫𝐞𝐠𝐮𝐥𝐚𝐫 𝐆𝐃𝐏𝐑 𝐜𝐞𝐫𝐭𝐢𝐟𝐢𝐜𝐚𝐭𝐢𝐨𝐧, available to any data controller or processor subject to the GDPR — including those established in the EU/EEA, as well as those collecting personal data in Europe (Art. 3(2) GDPR). 

𝐓𝐡𝐞 𝐜𝐞𝐫𝐭𝐢𝐟𝐢𝐜𝐚𝐭𝐢𝐨𝐧 𝐮𝐧𝐝𝐞𝐫 𝐀𝐫𝐭. 𝟒𝟔 𝐆𝐃𝐏𝐑 𝐢𝐬 𝐬𝐩𝐞𝐜𝐢𝐟𝐢𝐜𝐚𝐥𝐥𝐲 𝐭𝐚𝐢𝐥𝐨𝐫𝐞𝐝 𝐟𝐨𝐫 𝐝𝐚𝐭𝐚 𝐢𝐦𝐩𝐨𝐫𝐭𝐞𝐫𝐬 outside the EU/EEA, processing personal data from Europeans without being subject to GDPR under Art. 3. 

These entities receive data from a European “data exporter”.
To be legally valid, certification must be complemented by 𝐛𝐢𝐧𝐝𝐢𝐧𝐠 𝐚𝐧𝐝 𝐞𝐧𝐟𝐨𝐫𝐜𝐞𝐚𝐛𝐥𝐞 contractual instruments.
If both conditions are met, certification can be used as a mechanism for international data transfers. 

⚖️ 𝐖𝐡𝐢𝐥𝐞 𝐛𝐨𝐭𝐡 𝐦𝐞𝐜𝐡𝐚𝐧𝐢𝐬𝐦𝐬 𝐚𝐫𝐞 𝐜𝐥𝐨𝐬𝐞𝐥𝐲 𝐜𝐨𝐧𝐧𝐞𝐜𝐭𝐞𝐝, they serve different audiences: 

  • Regular certification → for entities subject to GDPR
    • Art. 46 certification → for data importers

𝐀𝐫𝐞 𝐲𝐨𝐮 𝐞𝐥𝐢𝐠𝐢𝐛𝐥𝐞? 

In principle, yes – you will fall into one of the two categories:
• If you are subject to GDPR (Art. 3) → you can apply for regular certification
• If not → you can apply as a data importer 

However, if you are located in a country that does not protect personal data against excessive government access, you may face difficulties meeting certification requirements. 

📢 Register for our 𝐝𝐞𝐝𝐢𝐜𝐚𝐭𝐞𝐝 𝐰𝐞𝐛𝐢𝐧𝐚𝐫 on Tuesday, May 5th at 16:00 CEST to learn more: https://academy.europrivacy.com/events/gdpr-certification-goes-global/ 

📩 𝐂𝐨𝐧𝐭𝐚𝐜𝐭 𝐮𝐬 to get an introduction call or offers from our partners: https://www.europrivacy.org/es/contact/contact-us  

𝐁𝐮𝐢𝐥𝐝𝐢𝐧𝐠 𝐭𝐫𝐮𝐬𝐭 𝐚𝐧𝐝 𝐜𝐨𝐧𝐟𝐢𝐝𝐞𝐧𝐜𝐞 𝐢𝐧 𝐝𝐚𝐭𝐚 𝐩𝐫𝐨𝐭𝐞𝐜𝐭𝐢𝐨𝐧, 𝐧𝐨𝐰 𝐛𝐞𝐲𝐨𝐧𝐝 𝐛𝐨𝐫𝐝𝐞𝐫𝐬! 

The post What is the difference between regular GDPR certification and Art. 46 certification? appeared first on Europrivacy Community.

22/04/2026 - 14:00