Objectively demonstrate data protection compliance – with a certification according to Trusted Site Privacy
With Trusted Site Privacy (TSP), TÜViT takes a holistic approach. Within the framework of this widely respected certificate, IT systems are tested from both a legal and a technical perspective with regard to the responsible handling of customers' personal data.
The testing by our experts is based on the evaluation criteria for quality in company data protection, which were developed during a two-year EU research project involving over 80 top experts from various industries.
Trusted Site Privacy: Holistic testing in 4 steps
Even the testing procedure preceding the TSP certification follows a holistic approach. The award of a TSP certificate rests on comprehensive evaluations: first a (legal and technical) assessment of data protection compliance, then a security inspection.
The testing comprises several steps:
Evaluation criteria within the scope of a certification according to Trusted Site Privacy
The evaluation of data protection compliance is carried out by legal and technical experts from the TÜViT Data Protection Office. It is based on an analysis of the submitted documents and on the results of the on-site implementation check.
Data protection compliance
- Authorization basis for data processing
- Legality of individual phases of data processing
- Compliance with data protection principles
- Rules for commissioned data processing (processing on behalf of the controller)
- Compliance with the rights of the data subjects
- Notification, information and disclosure obligations
Transparency and data subject friendliness
- Transparency of the data protection policy
- Transparency of the data protection documentation
- Support for the data subjects in exercising their rights
- Technical security and specific organizational requirements for the test object
Data protection management system
- Data protection policy and working instructions
- Risk analysis
- Regular checks to improve the data protection measures, continuous improvement process
- Qualification of the employees
- Working conditions of the Data Protection Officer
- Documentation of the data protection measures
Privacy by Design & Privacy by Default
- Data protection aspects must be considered already when developing a system
- Its design must be based on the premise that only absolutely necessary data will be collected
- Where a system offers default settings, the more privacy-friendly settings shall be used
- Any extended access to personal data must require release by explicit opt-in
The security inspection includes, among other things:
- Testing of the components used as well as of the network and transport security
- Testing of the configuration options
- Testing of the tools used
- Performance of penetration tests
The certification process at a glance
FAQ regarding data protection certification for Trusted Site Privacy
What are the benefits of TSP when compared to other seals concerning privacy?
TSP works with criteria developed by scientific and business experts from governmental and private data protection organizations within an EU research project. The tests and the award of the certificates are performed directly by TÜViT, so that each project is managed entirely by a company of the renowned TÜV NORD Group. Especially in Germany, the acronym TÜV (comparable to UL in the US) stands for the highest standards and the most thorough examination of the safety and security of products and services of all kinds.
What is tested within the scope of TSP?
For the TSP certificate to be awarded, a test object is first examined with regard to the lawful processing of personal data and to whether adequate safeguards provide a sufficient level of security. In addition, these technical and organizational measures for safeguarding the processed data are tested in the framework of a security-related investigation (SI) and subjected to a stress test that simulates the tactics of an unknown attacker by searching specifically for vulnerabilities.
What is the basis for TSP certification?
The criteria for the TSP certificate were developed in part as the result of a two-year EU research project involving over 80 experts from various backgrounds (business, science, governmental and private data protection organizations). TÜViT was entrusted with performing certification based on those criteria as the sole provider.