In summary, certificates, codes of conduct and binding corporate rules offer data controllers and processors the following five key advantages:
Certificates can demonstrate compliance with the privacy-by-design requirement under Article 25 GDPR.
Certificates and codes of conduct can demonstrate compliance with the security-by-design requirements under Article 32 GDPR.
Certificates and codes of conduct can demonstrate compliance with the principle of responsibility (i.e. with GDPR requirements, in general) under Article 24 GDPR.
In the case of a data protection infringement, adherence to certificates or codes of conduct can be a deciding factor in whether an administrative fine is imposed or in its amount.
Certificates, codes of conduct and binding corporate rules can provide for appropriate safeguards legitimizing the transfer of personal data to a third country outside the EU (this is particularly important for the USA and will soon be for the UK).