Why the certification process defined in the General Data Protection Regulation cannot be successful

This paper analyses the final version of Articles 42 and 43 dedicated to the certification procedures in the General Data Protection Regulation (hereinafter GDPR). It questions the introduction of this procedure in the data protection regulation framework and argues that the purposes assigned to the certification in the GDPR meet the needs of the different contributors to the preliminary discussions to the reform. It also argues that the processes defined in Articles 42 and 43 to issue the certification diverge from the commonly accepted practices in this activity and the processes suggested in the new regulation impede its chance to be successfully implemented.