When the revised Data Protection Act came into force on 1 January 2008, the possibility of data protection certification was introduced. Carried out by completely private organisations, certification is intended to improve levels of data protection and data security. As this is an entirely new procedure, the Ordinance of 28 September 2007 on Data Protection Certification (DPCO) was issued.
Under Article 4 paragraph 3 DPCO, the Commissioner issues guidelines on the minimum requirements for data protection management systems. These include an appendix, explanatory notes and a number of diagrams. To see the documents, please click here: important documents.