Data security
TÜV-certified data protection in accordance with Article 42 EU GDPR
Article 42 of the EU GDPR creates the prerequisites for certification in accordance with the EU General Data Protection Regulation. TÜVIT is currently undergoing the accreditation process for data protection certification.
Customers and business partners are generally unable to see which data protection measures a company is implementing. This is set to change in future with standardised data protection certification in accordance with the EU GDPR.
Data protection certification is a procedure that can be used to check processing operations for IT products, services or in the company with regard to compliance with legal data protection requirements. The result is a data protection certificate or seal of approval that proves the implementation of the data protection standards of the GDPR.
The framework for certification is provided by Art. 42 GDPR, with which the EU promotes the introduction of data protection-specific certification procedures and the award of data protection seals and certification marks by certified bodies.
GDPR certification offers companies many opportunities to make their data protection measures transparent, effective and legally compliant. In addition to providing objective proof of compliance with legal requirements, it strengthens trust among customers and business partners.
Our certification programme has already been approved in principle by the LDI NRW (State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia) and is now awaiting an opinion from the EDPB (European Data Protection Board). At the same time, the accreditation process is underway at the German Accreditation Body (DAkkS). The certification programme is not limited to specific areas of application, but considers all forms of data processing by information processing services. The criteria it contains take into account both the requirements of the GDPR and the BDSG as well as other requirements, for example from ISO standards, the TDDDG, etc. We expect to be able to offer the first audits and certifications in accordance with the new certification programme by the end of 2025/beginning of 2026 at the latest.
As part of the certification of video consultations, we are already carrying out certifications in accordance with Article 42 GDPR, based on an exemption in Annex 31b BMV-Ä.
GDPR certification is generally aimed at all companies in which personal data is processed and/or stored using IT-supported processing procedures.
We have already submitted our certification programme to the DAkkS and are confident that we will be able to offer the first certifications in accordance with Article 42 GDPR from the end of Q2 or the beginning of Q3 2025.
Unfortunately, there is no general answer to the question of how high the costs for GDPR certification are. The final costs depend, among other things, on the subject of the audit and the scope and depth of the audit.
The certificate in accordance with Art. 42 GDPR is formally valid for a maximum of 3 years. However, since certification is only ever granted for a limited period and business processes and data protection requirements can change over time, re-certification may become necessary before then.
Below you will find a brief general overview of the points covered by our test criteria:
Depending on the scope and requirements, further specific criteria may also be added.
Good reasons that speak in our favour