Privacyseal ePrivacycert

 

With ePrivacycert GmbH we will soon be offering an officially recognised data protection seal to our customers.

The "ePrivacycert" data protection seal is currently in the process of receiving official recognition. It will be awarded by ePrivacycert GmbH, soon an accredited certification entity. It complies with the requirements of the GDPR and will therefore also have the legal effect set out in art. 42 et seqq. GDPR.

 

What does accreditation mean?

Reliability through conformity testing

The requirements for the quality of data protection seals are increasing every day. Objective tests and certifications are becoming more and more important.

These assessments ensure that the products, processes, services or systems undergoing the certification are reliable in terms of their quality and safety, that they meet a certain technical standard and that they conform to the specifications of relevant norms, directives and laws. These objective confirmations are referred to as "conformity assessments".

The central prerequisite for an approved certification mechanism is the initial review of the certification programme. This first step on the way to an officially recognised data protection seal is the confirmation of the conformity assessment programme, which is carried out by the Deutsche Akkreditierungsstelle (DAkkS) in Germany.

ePrivacycert GmbH has reached this important milestone on the way to becoming an officially accredited seal. We received the confirmation from the DAkkS in 2020.

Further steps towards the "ePrivacycert" data protection seal

As a next step, the Hamburg data protection authority, which is the competent government body in our case, will now examine the content of the programme. As soon as the results are available, we can obtain the final confirmation by the European Data Protection Board.

As soon as the ePrivacy Group has reached further milestones towards the government recognition of the “ePrivacycert” seal, we will inform you on this page.

 

Certification with the officially recognised "ePrivacycert" data protection seal

1. Pre-Assessment ("Ready for certification")

The new seal requires a so-called "pre-assessment" prior to the certification process. This ensures the “certifiability” of the product or service to be examined ("ready for certification").

The "pre-assessment" process for the "ePrivacycert seal" contains the same requirements that are currently laid down as part of the review for the certification under the existing "ePrivacyseal" data protection seal.

An applicant that has successfully passed the "ePrivacyseal" certification process saves time, because no further, time-consuming "pre-assessment" is required for the official "ePrivacycert" seal. For our existing customers, this means considerable cost and time advantages in obtaining the official certification. As soon as the officially recognised seal can be awarded, "ePrivacyseal" customers have the advantage of having already successfully completed the pre-assessment.

You can start the “pre-assessment” process with ePrivacy in the near future. Please do not hesitate to contact us.

2. Certification

After completion of the "pre-assessment", the independent auditors of ePrivacycert check whether the data processing operations of the product or service can be certified with the new official data protection seal.

This audit can be carried out as soon as the data protection seal "ePrivacycert" is officially approved.

Certification process for the "ePrivacycert" data protection seal of approval

The auditing and the subsequent certification are carried out entirely separately, and the teams are set up independently of each other. The certification process complies with the requirements of the GDPR with a public criteria catalogue, accreditation of assessors, publication and justification of the awarded seals, and separation of audit and certification (two-stage process). No consulting takes place within the scope of ePrivacycert's activities.

The audit and certification process is carried out as follows in accordance with the certification regulations of ePrivacycert as amended from time to time:

1. Reviewing the status quo

As a first step, our team of experts familiarises itself with the technical and legal aspects of your business model and the subject matter.

2. Audits

Auditors recognised by ePrivacy carry out the technical and legal audits independently and autonomously.

3. Examination workshop

In a detailed audit workshop, the individual technical and legal audit requirements are discussed, along with any open requirements, deviations and possible risk factors.

4. Preparation of a detailed report

The technical and data protection audits are carried out by the accredited auditors using the comprehensive ePrivacycert criteria catalogue. The auditors summarise the results of their technical and legal audits in a detailed audit report.

5. Certification

If the report shows that the data protection requirements of the criteria catalogue of ePrivacycert GmbH have been met, the data protection seal is usually awarded for a period of three years. Within this period, compliance must be monitored once a year. After the seal has expired, recertification is required.

Do you have questions or recommendations for us?

We are glad to receive your comments.