EU approves first GDPR certification mechanism
On 17 October 2022, the European Commission announced that the European Data Protection Board (EDPB), the European network of Data Protection Authorities, had approved ‘Europrivacy’, the first certification mechanism which can be used by data controllers and processors to assess and attest to their compliance with the EU’s data protection regulation, the GDPR.
This “European Data Protection Seal” was developed by the European Centre for Certification and Privacy (ECCP) in Luxembourg with funding from the European Research Programme Horizon. It is the only GDPR certification officially recognized in all EU Member States, which is why it needed the approval of the EDPB rather than a national regulator. Public authorities are required by GDPR to encourage certification schemes, seals and marks, although the Regulation is also clear that they do not reduce controllers’ and processors’ responsibility for compliance.
Europrivacy will assess and certify the compliance of data processing with the GDPR and complementary national data protection regulations. It is set to enable applicants to identify and reduce their risks, to demonstrate and value their compliance and to enhance their reputation and market access.
In practice, Europrivacy has a network of external official partners, such as law firms, consulting firms, expert partners and certification bodies. They provide consultancy services on compliance before the application for certification. A qualified certification body (SGS, BSI, DNV, Eurofins, TAM CERT or Certop) carries out the certification. Successful certification leads to an entry in the Europrivacy certification registry.
· WFA will reach out to Europrivacy with a view to a possible session exploring the certification mechanism in more detail.