ePrivacyseal

ePrivacyseal GmbH awards the ePrivacyseal data protection seal of approval following an in-depth audit of a company's online and mobile products.

The updated ePrivacyseal  is also based on the General Data Protection Regulation (GDPR). It additionally covers the latest case laws, the Telecommunications Telemedia Data Protection Act (TTDSG), which came into force on 01 December 2021, as well as guidance from the European Data Protection Committee (EDSA) and a wide range of data protection authorities. The ePrivacyseal has been adapted for companies with products or services without concrete data processing operations (i.e., cloud systems, SaaS etc). These include companies in the online marketing industry.

The certification covers the requirements of the for digital products. The catalogue of criteria for certification is continuously being adapted to the interpretation of the GDPR and other data protection laws. In the course of our assessments, we will give you valuable tips on how you can design your business model in compliance with data protection regulations. The ePrivacyseal thus helps you to ensure secure and visible compliance with the GDPR.

Important note regarding the award of the ePrivacyseal EU on the basis of the current procedures (Art. 42 ff DSGVO): HERE.

These versions of the ePrivacyseal are available for different European markets:

 

The ePrivacyseal EU attests to a product's compliance with the list of ePrivacyseal criteria, which reflects the requirements imposed by EU data protection legislation in accordance to EU General Data Protection Regulation. This seal is not an accredited procedure within the meaning of article 42, 43 GDPR.

 

The ePrivacyseal CH attests to a product's compliance with the list of ePrivacyseal CH criteria, which reflects the requirements imposed by Swiss data protection legislation. We work closely with our Swiss legal advisers in this context.

ePrivacy adheres to all of the important certification standards:

  • Lists of criteria drawn up on the basis of applicable and recognized legal norms and imposing additional stringent requirements
  • Publication of the lists of criteria
  • Publication of the seals awarded together with a statement of the grounds for the award
  • Recognised technical and legal experts selected for their expertise
  • Listing of the ePrivacy seal with the Data Protection Foundation (Stiftung Datenschutz)

ePrivacy's adherence to these certification standards ensures a high degree of market recognition for its seals – on the part of its customers, investors and competitors.

Certification process ePrivacyseal:

1. Target definition

We will work with you in defining your business and/or specific product-related targets for the certification process, and thereby ascertain whether you wish to obtain a CH or an EU seal.

2. Workshop

In the context of a workshop, ePrivacy's experts will thoroughly and systematically examine your product in light of the applicable technical, organizational and legal requirements, and provide you with valuable information on the state of the art and on any need for optimization.

3. Optimization

Should it be necessary, you will then be given the opportunity to optimize your product from a technical standpoint or to implement improvements of a legal nature in the context of contracts or declarations of consent. ePrivacy's experts will also be happy to advise you at this stage in the process.

4. Final Audit

When your product is ready to undergo a final audit, ePrivacy's accredited experts will examine it in light of the technical organizational and legal criteria stipulated in the list of ePrivacyseal criteria. Where necessary, we will recommend further measures for improvement or issue requirements to be met for the award of the seal of approval.

5. Certification

Certification will be awarded upon the conclusion of the application process by ePrivacyseal GmbH, which will evaluate the technical report and legal opinion prepared by our experts. You will receive the certificate of approval together with our final report, at which point you will be entitled to integrate the seal logo into your website content and PR materials.

6. Recertification

As part of the recertification process, the ePrivacyseal can be renewed and extended for a further 3 years. 

Given that the digital ecosystem is continually changing and, in particular, is a source of much technical innovation which is of relevance from a data protection perspective, the period of validity of ePrivacyseal GmbH's seals is three years. Thereafter, recertification will be necessary, however in our experience this process is significantly less onerous than the initial certification process.

    Dino Bongartz

    CEO, The ADEX | Leading Data Management Platform, Marketplace & Verification

    As a data processor that works with numerous EU and German clients, the ePrivacyseal certification and ePrivacy’s guidance has been particularly valuable.

The ePrivacyseal is applicable to the following industries and business models:

  1. App providers
  2. Big data applications and data providers
  3. Cloud solutions
  4. Connected cars
  5. CRM systems
  6. Digital platforms
  7. eHealth
  8. Face recognition/video analysis
  9. Online trade/e-commerce
  10. Online marketing
  11. Online media
  12. Real-time bidding/programmatic advertising
  13. Retail marketing
  14. Social media
  15. Telecommunications
  16. Tracking solutions
  17. TV/video
  18. etc.

Note: The list of criteria has not yet been approved in accordance with Art. 42 para. 5 GDPR, as the relevant procedures have not yet been made available by the supervisory authorities. ePrivacyseal GmbH is therefore currently not an approved certification body within the meaning of Art. 42 para. 5 GDPR, as such an approval is currently not possible. As soon as a corresponding certification procedure is available, ePrivacyseal GmbH will submit the necessary applications. ePrivacy has been recognised as an expert inspection authority for law and technology (BDSG old version) at the Unabhängigen Landeszentrum für Datenschutz Schleswig Holstein. The applicants should not give any other impression.

Do you have questions or recommendations for us?

We are glad to receive your comments.