MENU

Trusted Site Privacy: Certification of corporate data protection

  • Get in contact now!

Objectively demonstrate data protection compliance – with a certification according to Trusted Site Privacy

With Trusted Site Privacy (TSP), TÜViT takes a holistic approach. Within the framework of this widely respected certificate IT systems are tested under legal and technical aspects regarding responsible handling of personal data of customers.

The testing by our experts is based on the evaluation criteria for quality in company data protection, which were developed during a two-year EU research project involving over 80 top experts from various industries.

Trusted Site Privacy: Holistic testing in 4 steps

Even the testing procedure preceding the TSP certification follows a holistic approach. The award of a TSP certificate is based on three comprehensive evaluations: first a (legal and technical) assessment of data protection compliance and then a security inspection.


The testing comprises several steps:
 

Trusted Site Privacy: IST-Analyse und Definition Scope Trusted Site Privacy: IST-Analyse und Definition Scope Trusted Site Privacy: IST-Analyse und Definition Scope Trusted Site Privacy: IST-Analyse und Definition Scope

ACTUAL situation analysis and definition of scope

Within the scope of an actual situation analysis experienced experts evaluate the current condition of your product. This is done in a preliminary discussion in which the current situation is extensively assessed on the basis of proven criteria. Usually, this certification step comprises a workshop. Here, prior to the actual audit, you are informed about the fundamentals of our work and the underlying legislation.

Furthermore, in the actual situation analysis the exact scope of the subsequent auditing process and ultimately also the certification is specified in close coordination with you. Precision is crucial here and will therefore be consistently emphasized by our experts.

Trusted Site Privacy: Bewertung der Dokumentation Trusted Site Privacy: Bewertung der Dokumentation Trusted Site Privacy: Bewertung der Dokumentation Trusted Site Privacy: Bewertung der Dokumentation

Assessment of the documentation

Our experts thoroughly review the documentation submitted by you. They assess whether the measures specified by you sufficiently comply with the substantive legal requirements for data protection and whether the submitted documents sufficiently demonstrate these measures so that in a worst-case scenario they will stand up to a verification by a supervisory authority.

Trusted Site Privacy: On-Site Audit und sicherheitstechnische Untersuchung Trusted Site Privacy: On-Site Audit und sicherheitstechnische Untersuchung Trusted Site Privacy: On-Site Audit und sicherheitstechnische Untersuchung Trusted Site Privacy: On-Site Audit und sicherheitstechnische Untersuchung

On-site audit and security inspection

We visit your premises to ensure by on-site inspection, assessment and interrogation regarding your systems that the required measures and actions prescribed by you are being consistently implemented throughout the company. In addition, we perform a security inspection (SI) to test whether the systems used by you are able to ensure the intended level of customer data protection also from a technical point of view. For this purpose we technically assess, for example, the components in use or perform extensive penetration tests, with which we discover any vulnerabilities of the system’s infrastructure.

Trusted Site Privacy: Prüfbericht Trusted Site Privacy: Prüfbericht Trusted Site Privacy: Prüfbericht Trusted Site Privacy: Prüfbericht

Audit report

The inspection is concluded by the generation of a comprehensive audit report which comprises the results of the evaluation of both the documents and the audit. This report evidences compliance with the requirements and serves as the basis for the issuance of the certificate by the certification body.

Evaluation criteria within the scope of a certification according to Trusted Site Privacy

The evaluation of data protection compliance is carried out by legal and technical experts from the TÜViT Data Protection Office. This is based on the analysis of the documents and the results of the on-site implementation check.
 

Data protection compliance

  • Authorization basis for data processing
  • Legality of individual phases of data processing
  • Compliance with data protection principles
  • Rules for order processing
  • Compliance with the rights of the data subjects
  • Notification, information and disclosure obligations

Transparency and data subject friendliness

  • Transparency of the data protection policy
  • Transparency of the data protection documentation
  • Support for the data subjects in exercising their rights

Processing security

  • Technical security and specific organizational requirements for the test object

 

Data protection management system

  • Data protection policy and working instructions
  • Risk analysis
  • Regular checks to improve the data protection measures, continuous improvement process 
  • Qualification of the employees
  • Operating conditions of the Data Protection Officer
  • Documentation of the data protection measures

Privacy by Design & Privacy by Default

  • Data protection aspects must be considered already when developing a system
  • Its design must be based on the premise that only absolutely necessary data will be collected 
  • Where a system offers default settings, the more privacy-friendly settings shall be used 
  • Any extended access to personal data must require release by explicit opt-in

Security inspection

The security inspection includes a.o.:

  • Testing of the components used as well as of the network and transport security
  • Testing of the configuration options
  • Testing of the tools used
  • Performance of penetration tests

The certification process at a glance

Certification scheme Trusted Site Privacy Certification scheme Trusted Site Privacy Certification scheme Trusted Site Privacy Certification scheme Trusted Site Privacy

FAQ regarding data protection certification for Trusted Site Privacy

 

FAQ zur Datenschutz-Zertifizierung Trusted Site Privacy FAQ zur Datenschutz-Zertifizierung Trusted Site Privacy FAQ zur Datenschutz-Zertifizierung Trusted Site Privacy FAQ zur Datenschutz-Zertifizierung Trusted Site Privacy

 

What are the benefits of TSP when compared to other seals concerning privacy?

TSP works with criteria developed by scientific and business experts of governmental and private data protection organizations within an EU research project. The tests and the awards of the certificates are performed directly by TÜViT so that each project is completely managed by a company of the renowned TÜV NORD Group. Especially in Germany the acronym TÜV (comparable to UL in the US) stands for highest demands and for most thorough examination with a view to the security of products and services of all kinds.
 

FAQ zur Datenschutz-Zertifizierung Trusted Site Privacy FAQ zur Datenschutz-Zertifizierung Trusted Site Privacy FAQ zur Datenschutz-Zertifizierung Trusted Site Privacy FAQ zur Datenschutz-Zertifizierung Trusted Site Privacy

 

What is tested within the scope of TSP?

For the TSP certificate to be awarded a test object is first examined regarding the lawful processing of personal data and its sufficient security level provided by adequate safeguards. In addition, these technical and organizational measures for safeguarding the processed data are tested in the framework of a security-related investigation (SI) and subjected to a stress test which by performing a targeted search for vulnerabilities simulates potential attack tactics of an unidentified attacker.
 

FAQ zur Datenschutz-Zertifizierung Trusted Site Privacy FAQ zur Datenschutz-Zertifizierung Trusted Site Privacy FAQ zur Datenschutz-Zertifizierung Trusted Site Privacy FAQ zur Datenschutz-Zertifizierung Trusted Site Privacy

 

What is the basis for TSP certification?

The criteria for the TSP certificate were partly developed as a result of a two-year EU research project involving over 80 experts from various backgrounds (business, science, governmental and private data protection organizations). The task to perform certification based on those criteria was entrusted to TÜViT as the sole provider.

You have questions? We are pleased to help!

Gerald Krebs

Global Account Manager

+49 201 8999-411
Fax : +49 201 8999-666

g.krebs@tuvit.de

Alexander Padberg

Sales Manager

+49 201 8999-614
Fax : +49 201 8999-666

a.padberg@tuvit.de

Further services

EU General Data Protection Regulation

From May 25, 2018 the requirements of the EU General Data Protection Regulation are to be implemented with binding effect. What will remain the same and what will change? Which processes have to be set in motion? And what will be the impacts for your company?
Read more

External Data Protection Officer

TÜViT provides external certified Data Protection Officers who ensure sustainable data protection organization in companies.
Read more
Data Security Assessment

Data Security Assessment

The data security assessment procedure of TÜViT focuses on the measures which are particularly relevant to SMEs and which can be effectively implemented even with the limited use of resources.
Read more