The Europrivacy Certification Scheme has provides a comprehensive set of criteria to assess and document the compliance of personal data processing activities with the European General Data Protection Regulation (GDPR) obligations. The criteria have been approved by the European authorities to serve as the European Data Protection Label under Article 42 GDPR.
A specific methodology and criteria format have been developed to minimise the risk of subjective interpretation when assessing compliance. All the criteria are maintained and kept updated by the European Centre for Certification and Privacy (ECCP) and its Europrivacy International Board of Experts.
The Europrivacy GDPR core criteria enable to assess compliance with regards to:
- Lawfulness of Data Processing
- Special Data Processing
- Rights of the Data Subjects
- Data Controller Responsibility
- Data Processors (or sub Processors)
- Security of Processing and Data Protection by Design
- Management of Data Breaches
- Data Protection Impact Assessment (DPIA)
- Data Protection Officer (DPO)
- Transfers of personal data to third countries or international organisations
Where applicable, it is complemented by:
- Complementary Contextual Checks and Controls to assess technology and domain-specific obligations
- Technical and Organisational Measures (TOM) Checks and Controls to assess security requirements
The Europrivacy regular GDPR certification can be extended to demonstrate compliance with non-EU jurisdictions too, by applying complementary national criteria, also known as Europrivacy national extensions.
All Europrivacy criteria and documentation are available through the Europrivacy Community and Resources website. You can click on the following link to consult the detailed Europrivacy Core Criteria.