70th Edition of the Synergy Magazine

Page 10

Partners' and Externals' Perspective

EUROPRIVACY, A DIGITAL BY DESIGN CERTIFICATION SCHEME FOR GDPR COMPLIANCE

Dr Sébastien Ziegler

Chairman of the Europrivacy International Board of Experts Europrivacy

Europrivacy is a certification scheme developed through the European Research Programme Horizon 2020 to assess data processing activities and certify their compliance with the European General Data Protection Regulation (GDPR) obligations and complementary data protection regulations. It is managed by the European Centre for Certification and Privacy (ECCP) in Luxembourg under the supervision of an International Board of Experts. Europrivacy has been brought by the Luxembourgish National Commission of Data Protection (CNPD) to the European Data Protection Board (EDPB) for endorsement under art. 42 GDPR. It is the first certification scheme under review for official recognition as European Seal. GDPR Certification – a powerful mechanism not exploited yet There are over 70 references to certification in the GDPR, including for assessing the compliance of data processors (Art. 28.5 GDPR), for cross-border data transfers (Art. 42.2, 46.2.f GDPR) or for assessing the adequacy of technical and organizational measures set in place (Art. 32.3 GDPR). As stated in the Regulation, 10 | SYNERGY Magazine

the purpose of certification is for “demonstrating compliance with this regulation of processing operations by controllers and processors” (Art. 42 GDPR) and “allowing data subjects to quickly assess the level of data protection of relevant products and services.” (Recital 100 GDPR). As a consequence, certification under the GDPR is subject to very specific requirements. For instance, it needs to be aligned with the evolution of the regulation, its related jurisprudence and soft law, including EDPB publications. That is why Europrivacy is supported by an International Board of Experts in charge of continuous monitoring of the evolution of the data protection related obligations for updating the scheme accordingly. In other words, Europrivacy is a living scheme in osmosis with the regulatory environment. Another requirement is to specifically focus on certification of data processing activities. Consequently, certification of management systems, such as ISO/IEC 27001 and 27701, is not eligible under art. 42 GDPR. The benefit of this approach is

Turn static files into dynamic content formats.

Create a flipbook

Articles inside

E-Voting: Opportunity or Threat?

4min
pages 36-38

"Meet your Robot Judge"

6min
pages 33-35

The Cosmetic Industry and Augmented Reality: Biometric Data Collection and the Privacy Paradox

7min
pages 30-32

Civil and Criminal Liability and Autonomous Robotic Surgery

4min
pages 28-29

Blockchain and the Right to be Forgotten

4min
pages 24-25

Europrivacy, a digital by design certification scheme for GDPR compliance

7min
pages 10-13

The Reality of Crypto-Assets: Tax Issues and Prospects Within the EU

6min
pages 26-27

Are we ready for the digital era?

9min
pages 6-9

Ethical Perspectives on Mandatory Digital Currencies

6min
pages 20-23

The ‘Digitally Capable’ Lawyer – Preparing the future generation

3min
pages 14-15

Law Students in the Digital Marketplace

5min
pages 18-19

Is Personal Data the New Currency?

5min
pages 16-17
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.