European Commission promotes ISDP©10003
The European Commission's Study on GDPR certification mechanisms under Articles 42 and 43, released in its final version in the past few days, highlights that ISDP©10003 is among the 15 best certification schemes internationally and one of the two that are compliant with the purpose set out in Article 42 of the GDPR.
Certification is a reality. With EDPB Guidelines 1/2018 and 4/2018 on accreditation and certification released, the question remains of which scheme to use.
ISDP©10003 is the Italian scheme accredited by Accredia that meets the requirements also indicated by the EC.
The study was commissioned from the prestigious Tilburg University in order to verify the opportunities already present at the European level in the area of certification.
The process was as follows:
In an initial phase, the study examined 117 schemes globally that met the following criteria:
- Fully oriented to data protection
- Partially oriented to data protection
- Oriented to a related topic (e.g., cyber security)
Of these schemes, only 15 were selected as more in-depth case studies because they met more stringent requirements, such as:
- Purpose
- Regulatory criteria
- Arrangements
- Conformity assessment
- Issuing certificates
- Renewal
- Monitoring
- Management of penalties
- Compliance and complaints management
In the table below, selected schemes are shown, based on two criteria:
- national vs. international models
- partial GDPR templates vs. all-inclusive GDPR templates
ISDP©10003 certification is a full EU-wide model, internationally valid and all-inclusive with respect to the GDPR.
For each scheme, the study also lists the advantages and disadvantages. Among the most relevant disadvantages, and a determinant for future choices, is being outside the scope of Article 42 of the GDPR.
The purpose of the study was as follows:
- Explain Articles 42 and 43 and relate them to terminology specific to the "certification industry" (ISO 17065:2012)
- Map existing certification schemes in member states and at the level of major trading partners (117 total), select them based on substantive and procedural requirements, and correlate them with technical standards by assessing their advantages and disadvantages in detail (15 selected)
- Provide recommendations (Article 43.8) based on item 2 for:
  - criteria for certifications (Article 42.5)
  - additional requirements for accreditation of certification bodies
  - technical standards for certification and mechanisms to promote and recognize these certification mechanisms, seals and marks (Article 43.9)
  - identification of any appropriate safeguards in relation to transfers of personal data to third countries
So the European Commission has begun to indicate the boundaries within which certifications will have to move, and ISDP©10003 is officially within the European framework.