Article 42 f. GDPR introduces approved certification mechanisms. This will take data protection certification to the next level. Companies that manage to obtain such an official GDPR certification will benefit in many ways. In particular, they will have an extremely solid means to demonstrate to their customers that relevant processing operations comply with the GDPR. Similarly, in future, approved certification mechanisms can be an important means to demonstrate compliance to the competent supervisory authority and the existence of such a certification could even prevent a company from being fined under certain circumstances.
A central prerequisite for an approved certification mechanism is the approval of a certification programme as eligible for accreditation. EuroPriSe has now reached an important milestone on the way to achieving this goal: In spring 2019, we submitted a certification programme to the DAkkS for review. Subsequently, their programme review body carried out a legal, formal and system audit. On 5 November 2020, the DAkkS informed us that our programme now meets all requirements of the relevant international standards ISO/IEC 17065 and ISO/IEC 17067.
Currently, the State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW) is examining the programme and the corresponding certification criteria. After the successful completion of this examination with the approval of the submitted criteria catalogue, the DAkkS programme committee will conclude the programme examination procedure with a declaratory decision. On the way to national certification, EuroPriSe then must still work towards its actual accreditation as a certification body for the approved programme and the granting of the authority to act as a certification body.
EuroPriSe’s stated objective is to obtain approval from the European Data Protection Board (EDPB) for its certification criteria in a next step. This will put us in the position to offer an official European Data Protection Seal.
Against this background, we are pleased to announce that we will shift our certification operations to the future certification programme within the next few months. An important innovation compared to the current programme is that in the future, certification customers will only be able to apply for certification after they have carried out and documented a maturity assessment in accordance with the specifications of the programme. In doing so, they can make use of the assistance by legal and technical data protection experts familiar with the programme. EuroPriSe will then carry out the actual certification procedure. The preceding maturity assessment will allow for a quick, efficient and cost-effective completion of this procedure.
For further information, please contact us at firstname.lastname@example.org.