Draft:EuroPriSe GDPR-Certification

EuroPriSe (short for European Privacy Seal) refers to certifications conducted by the private company EuroPriSe Cert GmbH, based in Bonn. Since the beginning of 2024, EuroPriSe has offered Germany's first certification in accordance with Art. 42 GDPR, establishing itself as a pioneer in the entire European Union with its focus on processors.

Initiated in 2007 by the Independent Centre for Data Protection in Schleswig-Holstein and funded by the European Union as part of the eTEN program, EuroPriSe has evolved into a global benchmark for data protection.

From its inception, the objective has been to develop an officially approved European data protection seal. EuroPriSe thus aims to elevate the global standard of data protection and make data protection compliance visible through EU-wide recognized certifications.

An important milestone was achieved in December 2023 when EuroPriSe received accreditation from DAkkS (Deutsche Akkreditierungsstelle GmbH) as a certification body for processors under Art. 43 GDPR and was authorized by LDI NRW (State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia) to act as a certification body. Following the approval of the criteria catalog for processors by LDI NRW in 2022, this marked the commencement of Germany's first GDPR-based certification. The unique focus of the officially approved certification on processors sets it apart within the EU.

In early 2024, EuroPriSe commenced the first certification procedures for processors in accordance with Art. 42 GDPR. Previous certifications for IT products and IT-based services were immediately discontinued following accreditation.

Objectives
The goal of EuroPriSe is to promote the consistent implementation of the General Data Protection Regulation (GDPR) and elevate the standard of data protection within the EU and globally through rigorous data protection certification. This initiative aims to bolster the rights of data subjects while enhancing the market position of certified companies. EuroPriSe empowers processors to showcase their adherence to data protection regulations and transparently communicate their quality standards regarding data processing. Demonstrating compliance with data protection measures is increasingly becoming a distinguishing feature and competitive edge for processors, both in consumer-facing interactions and within the business-to-business (B2B) market.

History
2007-2009: The groundwork for EuroPriSe was laid during the eTEN project, funded by the European Union. This initiative aimed to develop a European data protection seal for IT products and services, which was then tested through pilot certifications.

2009-2013: EuroPriSe was overseen by the supervisory authority ULD-SH (Independent Centre for Data Protection Schleswig-Holstein).

2014: EuroPriSe transitioned to being managed by the private entity EuroPriSe GmbH (renamed EuroPriSe Cert GmbH by the end of 2021).

2018: With the implementation of the GDPR in May, EuroPriSe's focus shifted towards obtaining accreditation as a certification body under Article 43 of the GDPR as swiftly as possible.

2022: The EuroPriSe criteria catalog for certifying processors in compliance with Article 42 of the GDPR was approved by the LDI NRW (State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia). This approval signifies that the certification program for processors has received endorsement from both the DAkkS (German Accreditation Body) and the LDI NRW. EuroPriSe thus became the first German company to secure approval for such a certification program.

2023: In December, EuroPriSe receives accreditation from DAkkS as a certification body for processor certifications. Concurrently, the LDI NRW grants EuroPriSe authorization to function as a certification body under Article 43 of the GDPR (cf. § 39 BDSG). With the certification program and criteria approved, along with accreditation and authorization secured, EuroPriSe becomes the first German entity capable of offering an endorsed certification process in line with Article 42.

2024: EuroPriSe initiates the execution of approved certification procedures for processors based on the endorsed certification program for Germany. Consequently, previous certifications for IT products and services are discontinued.

Certification
Experts endorsed by the certification body evaluate the product or service on behalf of the manufacturer as part of an assessment (1st testing phase) and compile an expert report. In a validation process (2nd testing phase), the certification body verifies the application of criteria to the product or service, assessing completeness, thoroughness of testing, and plausibility, and subsequently issues the EuroPriSe quality seal based on the findings.

Authorization of Experts
Admission as a EuroPriSe legal or technical assessor is awarded by EuroPriSe GmbH upon successful completion of an assessment during the assessor training, along with the demonstration of expertise and reliability.

Project
The expansion to the European level was guided by European data protection legislation, particularly Directive 95/46/EC (Data Protection Directive). The existing test criteria in Schleswig-Holstein were adapted to meet European requirements as part of the project. Additionally, the project tailored criteria for the Europe-wide approval of experts to align with European conditions and devised concepts for accrediting additional certification bodies and organizing the exchange of information among testing bodies, experts, and certification bodies. The practicality of the solutions was assessed through pilot procedures.

Weblinks
EuroPriSe Homepage (english)