EuroPriSe – Developed in Germany, well-respected in Europe
The EuroPriSe certification procedure was developed within the framework of a project to create an EU-wide privacy seal, which had originally been supported by the European Union. Its focus is on data protection and the accompanying technical processes of IT products as well as on IT based services (Controller/Processor).
Evaluation aspects within the scope of a certification according to EuroPriSe
The evaluation of data protection conformity is carried out by certified legal and technical experts of the TÜViT specialist unit for data protection experts. It is based, among other things, on the analysis of the documents and the results of the on-site implementation audit and technical tests according to the EuroPriSe criteria.
The EuroPriSe certification has a validity of 2 years and can be continued by a successful re-certification. Within the two-year validity period, two monitoring audits are mandatory to check for relevant changes. The European Privacy Seal is published on the EuroPriSe website and a short public evaluation report provides sufficient transparency to those concerned and interested parties.
A EuroPriSe certification includes the following evaluation aspects:
Set 1: Overview on fundamental issues
- Fundamental Aspects of Processing
- Fundamental Technical Construction
Set 2: Legitimacy of Data Processing
- Legal Basis for the Processing of Personal Data
- General Requirements
- Special Requirements to the Various Phases of the Processing
- Special Types of Processing Operations
- Compliance with GDPR Principles
Set 3: Technical-Organisational Measures:Accompanying Measures for Protection of the Data Subject
- General Duties (Data Security)
- Technology-specific and Service-specific Requirements
Set 4: Data Subject Rights
- Rights under the GDPR
- Rights under the ePrivacy Directive (ePD)
The certification process at a glance
FAQ regarding the European Privacy Seal (EuroPriSe) data protection certification
What are the benefits of EuroPriSe when compared to other seals concerning privacy?
EuroPriSe works with criteria developed by a consortium involving governmental bodies. In addition, all reports on which the award of the certificate is based are written in English so that the results of the independent testing is comprehensible for international actors, too.
What is tested within the scope of EuroPriSe?
For the EuroPriSe certificate to be awarded a test object is examined to determine whether the processing of personal data is lawfully performed and whether the data are protected by technical and organizational measures (IT Product; IT-based Services – Controller/Processor).
What is the basis for EuroPriSe certification?
Initially the criteria for the EuroPriSe certificate were developed by a consortium of European companies and associations under the leadership of the Unabhängiges Landeszentrum für Datenschutz (ULD; Independent Center for Data Protection for the German State of Schleswig-Holstein) and a.o. also TÜViT on the basis of the data protection law applicable at the time. When in 2017 the criteria were most recently updated, they were adapted to the new legal framework of the GDPR.