Europrivacy delivers step-by-step services adapted to the level of maturity of the applicant, from awareness to certification. It enables applicants to choose where to start, according to their level of readiness, with the possibility to stop or suspend the process at the end of any stage. All services are delivered under the seal of confidentiality by selected experts. Europrivacy certificates are delivered by certification bodies duly authorised by the European Centre for Certification and Privacy (ECCP).
The European General Data Protection Regulation (GDPR) Awareness course takes the form of a one-day introduction to the GDPR rules and requirements. It provides general information to better understand what is expected by the European Union in terms of personal data protection. This awareness course is designed to accommodate groups of participants and can be organised for several applicants at a time to minimise costs.
The Quick Check is a preliminary check of the level of compliance with the GDPR. It identifies the major areas of non-conformity that the applicant will have to focus on. The Quick Check takes the form of half a day (up to a full day) of on-site or online discussion led by experts. It enables the applicant and the experts to clarify together the scope of certification, as well as to better assess the expected time frame and number of audit days required for completing the certification.
DPIA & Risk Analysis
Article 35 of the GDPR requires data controllers to carry out a Data Protection Impact Assessment (DPIA) to assess the impact of their envisaged processing operations on the protection of personal data. In parallel, the GDPR exposes companies to major legal, financial and reputational risks. Europrivacy qualified partners provide access to experts in the domain of DPIA and risk analysis. The DPIA focuses more on the risks for the data subjects, while the risk analysis focuses more on the risks for the applicant.
Audit and Gap Analysis
Europrivacy provides a highly comprehensive and reliable methodology to assess the level of compliance of processes, services, products and information management systems with the GDPR. It takes the form of a systematic analysis of compliance led by an audit team gathering legal and technical experts. The output of this process is a written report with a detailed list of identified non-conformities. It constitutes a major part of the certification process.
After the applicant has successfully addressed all the identified non-conformities, the audit team will assess and check that all non-conformities have been adequately resolved. If this is the case, the authorised Certification Body can deliver the formal Europrivacy certificate, which is valid for an initial period of three years and is renewable.
Surveillance and Monitoring
The GDPR requires that certification is monitored. Europrivacy performs surveillance audits and monitoring of GDPR compliance. It provides independent third-party monitoring, which contributes to reduced legal and financial risks.
Europrivacy-related services are focused on assessing GDPR and data protection compliance. They help to identify non-conformities an applicant will have to address in a systematic and detailed manner in order to be fully compliant with the GDPR and certified. In conformity with ISO rules of impartiality, the Audit Teams are authorised to describe and explain the non-conformities, but they are not authorised to provide consulting on how these non-conformities should be resolved. It is the responsibility of the applicant to choose and implement adequate solutions.