The European data processing board, an independent body bringing together the EU’s national data protection authorities from across the EU, approved the very first European Data Protection Seal. The certification mechanism encompasses a wide range of data processing operations in many sectors. Both data controllers, the companies and services who decide ‘why’ and ‘how’ personal data is processed, as well as data processors, a third party or employee who processes personal data on behalf of the controller, perform such operations. The Europrivacy certification can help data controllers and data processors certify their is valid in all member states.
Compliance with GDPR: simplified & certified
With GDPR, the EU has taken the lead in modernising and strengthening users’ rights and freedoms to protect their personal data, and hence, their privacy. The Europrivacy certification criteria is based on the data protection requirements laid down in the regulation.
Companies and services can use the certification scheme to increase the value of their businesses and trust in their services. They can use Europrivacy to:
- assess the compliance of their data processing activities
- select data processors
- assess the adequacy of cross-border data transfers
- assure citizens and clients of the adequate processing of their personal data
Meanwhile, citizens can rest assured that companies are adequately processing their personal data, in respect of their rights as data subjects.
Ensuring compliance in an innovative way
Researches developed the certification scheme under Europe’s Horizon 2020 research programme. It resulted in a combination of characteristics that highlight its innovative nature, namely:
- It is applicable to a wide variety of data processing activities, while taking into account sector-specific obligations and risks
- It is applicable to emerging technologies, such as AI, IoT, blockchain, automated cars, smart cities, etc
- It is supported by a Ledger (Blockchain) based registry of certificates for authenticating delivered certificates and for preventing forgery
- It has an innovative format for criteria, which is both human and machine-readable. Auditors can easily use and integrate it into software, applications and tools
The Europrivacy International Board of Experts in data protection and the European Centre for Certification and Privacy manage and update the certification scheme, accordingly. The two bodies will ensure that it is in step with regulatory and technological advancements. 7. It leverages two complementary models of ISO certification (ISO/IEC 17065 and ISO/IEC 17021-1) in order to make it applicable to a large set of data processing activities. It is aligned with ISO standards and can be easily combined with the certification of security of information management systems (ISO/IEC 27001).