We are very proud that we have been awarded the European privacy seal of approval EuroPriSe for data protection certification. We explain what EuroPriSe means, how the certification procedure works and which steps companies should follow to obtain the seal of approval.
What does the EuroPriSe certification mean?
EuroPriSe stands for “European Privacy Seal”. EuroPriSe is the only EU-wide, independent data protection certification body for IT products and IT-based services. As part of the certification process, IT services, IT products and websites receive a seal of quality which serves to certify compliance with data protection guidelines.
The current basis for data protection certification is European data protection law, with the current provisions of the GDPR (General Data Protection Regulation). The GDPR is intended to ensure that personal data is subject to long-term protection.
The Data Protection Seal of Approval was established in 2007 by the Independent Centre for Privacy Protection, Schleswig-Holstein (ULD – Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein) and has since been additionally supported by the European Union. Since 2005, TeamDrive has already been awarded the ULD data protection seal of approval, which is the highest independent data protection certificate in Germany. It is now in the hands of the supervisory authority EuroPriSe GmbH. The supervisory authority is based in Bonn, Germany, and now bears full responsibility for the certification process. The ULD only awards the seal of approval in Schleswig-Holstein.
What does the seal of approval stand for?
The seal of approval enables IT companies to prove compliance with current data protection regulations. This enables companies to better assert themselves on the European market and to benefit from competitive advantages over competitors who have not carried out data protection audits.
In addition, the certification supports companies in demonstrating the quality of their products and services according to the current GDPR requirements.
Users and customers should be able to rely on the fact that certified products with the data protection seal of approval are in compliance with the GDPR and are subject to legal requirements. Increased transparency can therefore increase the confidence of customers and consumers and overall customer loyalty.
Overall, the major European goal is to promote the market for technologies that comply with data protection regulations and to build general trust in IT security.
What happens during certification
All manufacturers and service providers who wish to receive the data protection seal of approval must first contact accredited certification bodies. The audit bodies must be approved by EuroPriSe GmbH and consist of audit teams or assessors, also known as “experts”.
A two-stage certification procedure then begins. Here, the assigned expert examines organizational measures for data protection which have been set up by the respective company. The criteria are checked with regard to legal and technical aspects.
The basis for this is provided by sufficient and meaningful information on data protection, security concepts and test documentation, which the company to be certified has set up by the time of the audit. If the respective IT company is able to meet all the seal of approval requirements of the audit, the supervisory authority issues the certificate.
How long the certification is valid – verification of the seal of approval
From the date of certification, the data protection seal of approval is valid for two years and can then be reapplied for or “re-certified” with the respective certification bodies.
During this period, companies are obliged to notify any changes relevant to data protection. It is important to make sure that any new developments still comply with and guarantee the guidelines of the GDPR. Furthermore, nothing may have changed in the IT security of the data during this time.
If, for example, major software revisions, functional enhancements or new security criteria are introduced, the respective providers must have the changes reviewed again by the certification bodies or supervisory authorities as part of a “monitoring procedure” or “surveillance audit”.
These companies can be certified with the seal of approval
The range of companies and services under consideration is wide. From online shops, encrypted cloud services and cloud computing, social networks to digital photo portals – a wide range of online services are eligible for the “European Privacy Seal” certificate. It is irrelevant whether the respective providers themselves use personal information or merely process order data. It also makes no difference whether the IT-based services and products are hardware or software. It is important that the companies adhere to the current requirements of the GDPR. Otherwise the chances of obtaining the certificate with the data protection seal of approval are rather poor.
This is how the EuroPriSe certification works
The certification procedure is divided into two stages. In the first step (the “Stage 1 Audit”), the applicant must decide on the current certification object. This can be a software or digital product or an IT-based service.
The interested party then commissions a suitable company that offers the audit. A public register of all accredited assessors can be used for the selection. This is followed by an initial interview with the assessor, in which questions and the individual points of the procedure are discussed. Only then can the application form “Application for Certification” be submitted to the supervisory authority.
The official procedure, or step 2, only starts when the competent supervisory authority receives information on which evaluation methods the assessor will carry out. These could be, for example, document inspections, on-site appointments and workshops. After the evaluation, the assessor prepares a test report. If all the criteria have been fully checked and have been comprehensibly and uniformly complied with, the certificate is awarded by the responsible supervisory authority. Certified companies are published on the EuroPriSe website.
How companies can obtain the seal of approval
In order to successfully pass the certification process, it is recommended that applicants obtain an overview of whether their company fundamentally complies with all of the GDPR’s guidelines on data protection and data security before the process begins.
After the careful selection of an assessor, it is advisable to have an early initial interview to clarify all necessary questions. Here you should provide sound statements about your product or service.
After the interview, IT products and services can be optimized as part of the application process. It is important to adhere to all the necessary specifications of the test center. Furthermore, stay in contact with your expert, because then the chances of receiving the data protection seal of approval from EuroPriSe GmbH are very good.
TeamDrive receives the EuroPriSe data protection seal of approval
TeamDrive undergoes regular extensive tests. On 20th January 2020 the time had come – TeamDrive received the data protection seal of approval. This ensures that TeamDrive fulfills all the guidelines of the GDPR for data security and data protection.