The “European Privacy Seal” (EuroPriSe) certificate is intended to certify to other companies that their order processing meets the requirements of European data protection law.
“All in all, we have only completed two procedures with national certification criteria in Europe. Our approval of the criteria for EuroPriSe GmbH is the first in Germany and Europe that affects certifications by companies,” explains Bettina Gayk, the state commissioner for data protection in North Rhine-Westphalia. In practice, many companies or authorities have their data processed by processors. This can be, for example, the services of a data center, outsourced cloud services or support with specific software products. It is often not easy for those who want to use them to judge whether these services comply with data protection regulations. A certificate simplifies this assessment.
Certification means – in general – an assessment by independent experts who analyze the processing of personal data and check for compliance with standards. Criteria and methods for the assessment are defined in a “conformity assessment program”. According to the General Data Protection Regulation (GDPR), this program must be submitted to the supervisory authority for assessment and approval. Gayk: “In accordance with European data protection law, we have checked whether the criteria according to which the certificates are to be issued to processors actually ensure compliance with the GDPR when processing personal data – and thus protect personal rights.” Such certifications are only introduced with the GDPR, which has been in force since May 2018.
Certificates are a tried-and-tested tool for providing market participants with guidance on data protection-compliant products. “Certificates mean more transparency for everyone whose data is processed. They provide a quick overview of the data protection level of relevant products and services,” explains the NRW data protection officer.
The foundations for uniform European certification and accreditation procedures are laid in Articles 42 and 43 of the GDPR.
resource: https://www.ldi.nrw.de/ldi-nrw-genehmigt-erste-deutsche-kriterien-fuer-datenschutz-zertifizierung