Audit and certify your data protection conformity

Deloitte has been selected as a Europrivacy™/® official partner by the European Centre for Certification and Privacy. We help our clients certify the conformity of their data processing activities with Europrivacy and the European General Data Protection Regulation (GDPR).

The GDPR contains over 70 certification references for organizations to demonstrate the conformity of their processing activities with the regulation. This includes selecting data processors with an adequate level of data protection and authorizing cross-border data transfers. Non-conformity with the GDPR carries important legal and financial risks, which are hidden costs until a company is fined up to €20 million or 4% of its worldwide turnover (Art. 83.5 GDPR). A GDPR certification reduces these legal and financial risks and can substantially save costs. Europrivacy certificates demonstrate that a company is engaged in protecting personal data and is a trustworthy service provider for its customers, as well as a reliable data processor for its business partners. Companies with certified data processing activities position themselves as front-runners in data protection with a strong competitive advantage on the market. As a company is also liable for its choice of data processors, it can require them to certify their services to protect itself from legal and financial risks.

Your smart journey to GDPR certification

Deloitte helps you obtain Europrivacy certification of your data processing activities, enabling you to select priority activities and progressively certify them once they are ready. Deloitte:

Selects two data processing activities to be certified as a priority;

Prepares the priority data processing activities for certification by documenting their conformity; 

Offers remediation support in case of residual non-conformities;

Prepares the selected processing activities for certification by an independent certification body and supports the process; 

Elaborates a certification plan for the remaining data processing activities that require certification; and

Gives you access to continuous updates on European and national requirements related to personal data protection to maintain and enhance your conformity.

A reliable certification process

The Europrivacy certification scheme has been developed through the European research program financed by the European Commission. It is designed to address the GDPR’s specific obligations and to serve as an official certification scheme under article 42 of the GDPR. It has been developed by experts in data protection in consultation with national supervisory authorities. The certification scheme is managed and continuously updated by the European Centre for Certification and Privacy (ECCP) in Luxembourg and its International Board of Experts in data protection.

Europrivacy applies to all kinds of data processing, including emerging technologies. It enables you to document, assess, and certify your conformity with the GDPR and complementary national data protection regulations. It also allows you to select priority data processing activities and progressively certify them once they are ready.

Europrivacy is closely aligned with ISO standards and complements management system certifications, such as ISO/IEC 27001 or 27701. While the latter enable the certification of the quality of an information management system, Europrivacy has been designed to certify compliance of data processing activities with the GDPR and complementary national data protection regulations, in accordance with the guidance of the European Data Protection Board (EDPB). It is the first scheme that has been submitted by a European national data protection authority to the EDPB as part of the endorsement process by the EU as a European certification scheme under Art. 42 of the GDPR.

Europrivacy is delivered by qualified Certification Bodies gathering adequate legal and technical expertise. The certification is aligned with the applicable ISO/IEC 17065 and 17021-1 principles. It combines various methodologies, such as documentation review, sampling analysis, technical tests, inspections, and interviews. Delivered certificates can be verified and authenticated on the public Europrivacy Registry, enhanced with Blockchain technology to maximize authentication, reliability and transparency of certificates.

More About Europrivacy: https://www.europrivacy.com/

 

Europrivacy is an international trademark registered in several jurisdictions.

Contacts

Georges Wantz

Managing Director | Advisory & Consulting

Georges Wantz joined Deloitte in September 2016 as Director in the Technology & Enterprise Application department. Georges has 18 years' experience in the finance industry where he held different local...

Irina Hedea

Partner | Information & Technology Risk

Irina is a Partner in Advisory & Consulting, where she focuses on Information Security Management. With more than 10 years’ experience, she assists clients in various projects related to ...

Roland Bastin

Partner | Forensic & Risk Advisory

Roland is a partner within the advisory and consulting department and joined the Risk Advisory practice of Deloitte in 2001. He is responsible for IT audit, IT security, IT regulatory compliance, Data...
