Certification with Europrivacy
Osborne Clarke has been selected and qualified as a Europrivacy™/® official partner. As such, we can support and prepare clients to obtain EDPB-authorised certification of the conformity of their data processing activities with the General Data Protection Regulation (GDPR). Achieving certification has a number of potential benefits:
- Identifying and reducing legal and financial risks
- Improving reputation and access to the market
- Building trust and confidence
Why is certification under GDPR beneficial?
The GDPR contains over 70 references to certification as a means of demonstrating how data processing activities conform with GDPR requirements, including for selecting data processors with an adequate level of data protection and for authorizing cross-border data transfers.
As is well-known, non-conformity with the GDPR carries certain legal and financial risks. Going through the process of GDPR certification will help identify any significant issues, and enable these to be addressed, thus reducing legal and financial risks.
In addition, a Europrivacy certificate can be a differentiator with customers and data subjects. For example, it demonstrates commitment and engagement in protecting personal data and in ensuring that robust and reliable processes for handling personal data are in place. Organisations can choose which data processing activities are certified - for example, certification can be just in respect of particular products or services.
Companies with a certified data processing position can present themselves as front-runners in data protection with a competitive advantage in the market. Indeed, we anticipate that some data controllers will ultimately prefer data processors who have certified the relevant parts of their data processing services.
Europrivacy's certification process
The Europrivacy certification scheme has been developed through a European research programme financed by the European Commission. It is designed to address the specific obligations of the GDPR and to serve as an official certification scheme under Article 42 of the GDPR. It has also been developed in consultation with national supervisory authorities.
The certification scheme is managed and continuously updated by the European Centre for Certification and Privacy in Luxembourg. It is the first scheme that has been submitted by a European national data protection authority to the European Data Protection Board as part of the formal endorsement process for a European certification scheme under Article 42 of the GDPR.
Europrivacy is applicable to all sorts of data processing, including both existing and emerging technologies. It is flexible in that it enables organisations to:
- document, assess, and certify their conformity with both the GDPR and complementary national data protection regulations; and
- select specific priority data processing activities, and then progressively certify them once they are ready, rather than requiring an all-at-once approach.
In addition, Europrivacy has been designed to be closely aligned with ISO standards and complementary management system certifications, such as ISO/IEC 27001 or 27701.
The actual Europrivacy certification is delivered by qualified certification bodies. The certification is aligned with the applicable ISO/IEC 17065 and 17021-1 principles. It combines various methodologies, such as documentation review, sampling analysis, technical tests, inspections, and interviews.
Delivered certificates can be verified and authenticated on the public Europrivacy Registry, which is enhanced with blockchain technology to maximize authentication, reliability and transparency of certificates.
How we can help
As an official partner of Europrivacy, we can support and prepare clients to obtain certification of their data processing activities with Europrivacy and GDPR. If you would like to discuss this further, please contact one of our experts listed below.