
TSP - discovered, explained

Trusted Site Privacy

With Trusted Site Privacy (TSP), TÜVIT pursues a holistic approach. As part of this widely respected certificate, IT systems are tested under legal and technical aspects with regard to the responsible handling of customers' personal data.

What is Trusted Site Privacy?

Trusted Site Privacy refers to a data protection concept in which users can trust that their personal data will be handled securely and responsibly on a website. The operator undertakes to collect only necessary data, to provide transparent information about its use and to protect it from unauthorised access. This is often linked to certifications or seals that prove compliance with certain data protection and security standards. The aim is to create trust, prevent misuse and comply with legal requirements such as the GDPR. This way, visitors can be sure that their privacy is respected.

Our experts use the evaluation criteria for quality in corporate data protection, which were developed over a period of two years by over 80 top experts from various industries as part of an EU research project.

Special features of Trusted Site Privacy

  • Transparent data usage - clear information about what data is collected and what it is used for
  • Minimal data collection - only necessary personal data is stored
  • High security standards - protection against unauthorised access through encryption and secure servers
  • Certifications & seals - proof of compliance with audited data protection guidelines
  • Legal compliance - fulfilment of legal requirements such as GDPR
  • Building trust - strengthening user loyalty through reputable handling of data

Evaluation criteria within the framework of Trusted Site Privacy certification

  • Authorisation bases for data processing
  • Lawfulness of individual phases of data processing
  • Compliance with data protection principles
  • Regulations on order processing
  • Compliance with the rights of data subjects
  • Notification and information obligations

  • Transparency of the data protection policy
  • Transparency of data protection documentation
  • Support for data subjects in exercising their rights

  • Technical safety and organisational requirements specific to the test object

  • Data protection policy and work instructions
  • Risk analysis
  • Regular review to improve data protection measures, continuous improvement process
  • Qualification of employees
  • Functional conditions of the data protection officer
  • Documentation of data protection measures

  • Systems must take data protection into account right from the development stage
  • They must be created from the ground up in such a way that only the absolutely necessary data is collected
  • If a system offers default settings, the more data protection-friendly ones must be used by default
  • Any extended access to personal data must be authorised by explicit opt-in

The security inspection includes, among other things:

  • Checking the components used as well as network and transport security
  • Testing the configuration options
  • Testing the tools used
  • Carrying out penetration tests

TSP certification

Comprehensive testing in 4 steps

This holistic approach is also reflected in the testing procedure that precedes TSP certification. A TSP certificate includes three comprehensive evaluations: an assessment of data protection compliance (legal and technical) and, in addition, a security analysis.

As-is analysis and scope definition

As part of the as-is analysis, experienced experts evaluate the current status of your product. This takes place as part of a preliminary discussion in which a comprehensive assessment is carried out based on proven criteria. This certification step usually also includes a workshop. Here, the basics of our work and the laws on which it is based are explained to you before the actual audit.

In addition, the exact scope of the subsequent auditing process and ultimately the certification is defined in close consultation with you as part of the as-is analysis. Precision is of the utmost importance and is consistently enforced by our experts.

Evaluation of documentation

Our experts put the documentation you submit through its paces. They will consider whether the measures you have specified are sufficient to meet the substantive legal requirements for data protection and whether the submitted documents also provide sufficient evidence of these measures to withstand an audit by a supervisory authority in an emergency.

On-site audit and security investigation

We inspect your systems on site and ensure through inspections, assessments and interviews that the necessary measures you have ordered are implemented consistently and comprehensively. As part of a security investigation (SU), we also test whether the systems you use can technically guarantee the desired level of customer data protection. This is done, for example, through a technical assessment of the components used or through extensive penetration tests that can uncover weaknesses in the infrastructure used.

Preparation of a detailed test report

The inspection is concluded with a comprehensive test report that includes the results of the evaluation of the documents and the audit. This report documents the fulfilment of the requirements and serves as the basis for the issuing of the certificate by the certification body.


Frequently Asked Questions (FAQ)

What you need to know about the Trusted Site Privacy certification

TSP works with criteria that have been developed by experts from science, business, government and private data protection organisations as part of an EU research project. The tests and the awarding of the certificates are carried out directly by TÜVIT, so that the respective project is supervised holistically by a company of the renowned TÜV NORD Group. In Germany in particular, the abbreviation TÜV is synonymous with the highest standards and the most thorough testing with a view to the safety of products and services of all kinds.

The criteria for the TSP certificate were developed in part as the result of a two-year EU research project by over 80 experts from various backgrounds (business, science, government and private data protection organisations). TÜVIT was the only provider entrusted with the task of certification based on these criteria.

To obtain the TSP certificate, a test object is first checked for the lawful processing of personal data and its adequate security through appropriate protective measures. In addition, these technical and organisational measures for securing the processed data are put to the test as part of a security investigation (SU) and subjected to a stress test through a targeted search for vulnerabilities, which simulates possible attack tactics of unknown attackers.

This holistic approach is also reflected in the testing procedure that precedes TSP certification. A TSP certificate includes three comprehensive evaluations: an assessment of data protection compliance (legal and technical) and, in addition, a security analysis.

The audit is carried out in several steps:

1) As-is analysis and scope definition:
As part of the as-is analysis, experienced experts evaluate the current status of your product. This takes place as part of a preliminary discussion in which a comprehensive inventory is carried out based on proven criteria. This certification step usually also includes a workshop. Here, the basics of our work and the laws on which it is based are explained to you before the actual audit. In addition, the exact scope of the subsequent auditing process and ultimately the certification is defined in close consultation with you as part of the as-is analysis. Precision is of the utmost importance and is consistently enforced by our experts.

2) Evaluation of the documentation:
Our experts thoroughly review the documentation you submit. They consider whether the measures you have specified are sufficient to meet the substantive legal requirements for data protection and whether the documents submitted also provide sufficient evidence of these measures to withstand an audit by a supervisory authority in an emergency.

3) On-site audit and security investigation:
We inspect your systems on-site and ensure that the necessary measures ordered by you are implemented consistently and comprehensively by means of inspections, assessments and interviews. As part of a security investigation (SU), we also test whether the systems you use can technically guarantee the desired level of customer data protection. This is done, for example, through a technical assessment of the components used or through extensive penetration tests, which can reveal weaknesses in the infrastructure used.

4) Preparation of a detailed audit report:
The inspection is concluded with a comprehensive audit report that includes the results of the evaluation of the documents and the audit. This report documents the fulfilment of the requirements and serves as the basis for the issuing of the certificate by the certification body.