Audit and certify your conformity in data protection with Europrivacy.

Certification to ensure conformity of your data processing activities demonstrates the commitment to minimise risks, improve reputation and build trust and confidence.

It is increasingly important to take adequate steps towards the adoption of appropriate security measures for the protection of personal data. EuroprivacyTM/® prepares and supports clients in certifying the conformity of their data processing activities with Europrivacy and the European General Data Protection Regulation (GDPR).

What is Europrivacy – A GDPR by Design Certification

The Europrivacy certification scheme has been developed through the European research programme financed by the European Commission. It is designed to address the specific obligations of the GDPR and to serve as official certification scheme under article 42 of the GDPR. It has been developed by experts in data protection in consultation with national supervisory authorities. The certification scheme is managed and continuously updated by the European Centre for Certification and Privacy (ECCP) in Luxembourg and its International Board of Experts in data protection.

Europrivacy is applicable to all sorts of data processing, including emerging technologies, it enables to document, assess, and certify their conformity with the GDPR and complementary national data protection regulations. It enables you to select priority data processing activities and progressively certify them once they are ready.

The GDPR contains over 70 references to certification to demonstrate the conformity of processing activities with the European regulation, including for selecting data processors with adequate level of data protection and for authorizing cross-border data transfers.

Non-conformity with the GDPR carries important legal and financial risks, which are hidden costs until a company is fined up to 20 million or 4% of its worldwide turnover (art.83.5 GDPR). A GDPR certification reduces legal and financial risks and can save substantial costs. Europrivacy certificates demonstrate a company engagement in protecting personal data and to be a trustable service provider for its customers, as well as a reliable data processor for its business partners.

Companies with certified data processing position themselves as front-runners in data protection with a strong competitive advantage on the market. As a company is also liable for the choice of its data processors, it can require from them to certify their services in order to protect itself and to reduce its legal and financial risks at no cost.

Europrivacy is closely aligned with ISO standards and complements management system certifications, such as ISO/IEC 27001 or 27701. While the latter enables the certification of the quality of an information management system, Europrivacy has been designed to certify compliance of data processing activities with the GDPR and complementary national data protection regulations, in accordance with the guidance of the European Data Protection Board (EDPB). It is the first scheme that has been submitted by a European national data protection authority to the EDPB as part of the endorsement process by the EU as a European certification scheme under the Art. 42 of the GDPR.

Europrivacy is delivered by qualified Certification Bodies gathering adequate legal and technical expertise. The certification is aligned with the applicable ISO/IEC 17065 and 17021-1 principles. It combines various methodologies, such as documentation review, sampling analysis, technical tests, inspections, and interviews. Delivered certificates can be verified and authenticated on the public Europrivacy Registry, enhanced with Blockchain technology to maximize authentication, reliability and transparency of certificates.

Benefits of becoming certified

The potential benefits are numerous, ranging from the ability to identify and reduce legal and financial risks through the Europrivacy audit and gap analysis to the improvement of reputation and access to the market through the Europrivacy GDPR certification but there are more reasons to choose Europrivacy, some of which include:

  • European and GDPR by design funded by the European Commission.
  • ISO compliant and easily combinable with ISO/IEC 27001.
  • Continuously updated to align with the evolution of regulations and jurisprudences.
  • Comprehensive and applicable to almost any data processing activities.
  • Extensible to complementary national and domain specific obligations.
  • Independent and managed by an international board of experts.
  • Applicable to emerging technologies.
  • Online resources, tools, and support.
  • Highly reliable with systematic assessments.
  • Global ecosystem of qualified partners and experts.
  • Time and cost-efficient thanks to its innovative methodology.
  • Research and Innovation-empowered.

Getting started

DNV will drive you and offer you services aimed at obtaining the Europrivacy certification of your data processing activities. We offer you to:

  1. Select two priority data processing activities to be certified;
  2. Prepare the two selected data processing for certification by documenting their conformity;
  3. Support remediation in case of residual non-conformities;
  4. Bring the selected processing activities to certification by an independent Certification Body and support the process;
  5. Elaborate a certification plan for the remaining data processing to be certified;
  6. Give you access to continuous updates on European and national requirements related to personal data protection in order to maintain and enhance your conformity.

DNV is an accredited third-party certification body and can help you throughout the journey with relevant training and certification.

Note: Europrivacy is an international trademark registered in several jurisdictions.