According to Art. 42 (1) GDPR the establishment of data protection certification mechanisms and of data protection seals and marks should be promoted for the purpose of demonstrating compliance with the GDPR of processing operations by controllers and processors. The specific needs of micro, small and medium-sized enterprises shall be taken into account. EIPACC operates at the core of this rationale.