Make your GDPR-Compliance visible

Germany's first accredited certification according to Article 42 GDPR for processors.

Make your GDPR-Compliance visible

Germany's first accredited certification according to Article 42 GDPR for processors.

The EuroPriSe certification for processors

Is your company a processor as defined by the GDPR?

According to Article 4 No. 8 GDPR, a processor is an entity that processes personal data on behalf of the controller. Processing is always deemed to be commissioned if the service provider processes the data strictly in accordance with instructions. The following companies are examples of processors:

The EuroPriSe certification for processors

Is your company a processor as defined by the GDPR?

According to Article 4 No. 8 GDPR, a processor is an entity that processes personal data on behalf of the controller. Processing is always deemed to be commissioned if the service provider processes the data strictly in accordance with instructions. The following companies are examples of processors:

Finden Sie in 90 Sekunden heraus, ob die EuroPriSe-Zertifizierung nach Art. 42 DSGVO das Richtige für Sie ist.

Privacy certification = Privacy certification?

Find out at a glance why it is not that easy. In an exclusive comparison of the EuroPriSe Cert according to Article 42 GDPR and the popular ISO27701.

Privacy certification = Privacy certification?

Find out at a glance why it is not that easy. In an exclusive comparison of the EuroPriSe Cert according to Article 42 GDPR and the popular ISO27701.

Secure your exclusive competitive advantage as a processor

Your privacy. Your USP.

100% transparency of your standards

You know that your data processing is 100% GDPR-compliant. But how can you prove your high standards and use them as an argument? With EuroPriSe certification, you finally have the chance to officially prove your GDPR compliance.

Smart risk management

As part of the certification process, we check your data processing processes against the highest standards. If there are any weaknesses, these will be identified and you will have the opportunity to rectify them. In the event of a fine, certification also has a mitigating effect.

Developing new markets

Awareness of the data protection standards of data processors continues to grow. Processors who can objectively demonstrate their high quality in the context of data processing are winning more orders and tapping into great sales potential.

More trust in you

Many processors are faced with the challenge of effectively differentiating themselves from competitors with seemingly identical offerings. With Germany's first accredited data protection certification, you will find your USP: more trust in you.

Secure your exclusive competitive advantage as a processor

Your privacy.
Your USP.

100% transparency of your standards

You know that your data processing is 100% GDPR-compliant. But how can you prove your high standards and use them as an argument? With EuroPriSe certification, you finally have the chance to officially prove your GDPR compliance.

Smart risk management

As part of the certification process, we check your data processing processes against the highest standards. If there are any weaknesses, these will be identified and you will have the opportunity to rectify them. In the event of a fine, certification also has a mitigating effect.

Developing new markets

Awareness of the data protection standards of data processors continues to grow. Processors who can objectively demonstrate their high quality in the context of data processing are winning more orders and tapping into great sales potential.

More trust in you

Many processors are faced with the challenge of effectively differentiating themselves from competitors with seemingly identical offerings. With Germany's first accredited data protection certification, you will find your USP:
more trust in you.

Learn more about the individual benefits of EuroPriSe certification for your company

Secure your competitive advantage - as one of the first processors with an officially accredited certification in accordance with Article 42 GDPR

Learn more about the individual benefits of EuroPriSe certification for your company

Secure your competitive advantage - as one of the first processors with an officially accredited certification in accordance with Article 42 GDPR

The EuroPriSe certification process

With Germany's first officially accredited certification in accordance with the GDPR, you as a processor can prove your high data protection standards.

Der Ablauf einer
The EuroPriSe certification process

With Germany's first officially approved GDPR certification, you as a processor can prove your high data protection standards.

The start of your certification process

  • The first step is to specify the target of evaluation (ToE).
  • You then carry out a privacy-specific risk analysis and a maturity assessment of the processing operations to be certified.

EuroPriSe certifies your company

  • Once the contract has been successfully concluded, the legal and technical evaluation begins.
  • In the subsequent assessment phase, our teams of specialists decide whether your activities as a processor comply with the legal and technical requirements of the GDPR.

Congratulations

  • You receive the officially accredited EuroPriSe certification in accordance with Article 42 GDPR
  • During the validity of the certification, surveillance activities ensure that the object of certification continues to meet all relevant requirements.

After certification is before recertification

  • Three years after the certificate has been issued, the first recertification is due so that you can continue to benefit from the numerous advantages of your EuroPriSe certification.
  • We guide you through this process step by step too.

The start of your certification process

  • The first step is to specify the target of evaluation (ToE).
  • You then carry out a privacy-specific risk analysis and a maturity assessment of the processing operations to be certified.

EuroPriSe certifies your company

  • Once the contract has been successfully concluded, the legal and technical evaluation begins.
  • In the subsequent assessment phase, our teams of specialists decide whether your activities as a processor comply with the legal and technical requirements of the GDPR.

Congratulations

  • You receive the officially approved EuroPriSe certification in accordance with Article 42 GDPR
  • During the validity of the certification, surveillance activities ensure that the object of certification continues to meet all relevant requirements.

After certification is before recertification

  • Three years after the certificate has been issued, the first recertification is due so that you can continue to benefit from the numerous advantages of your EuroPriSe certification.
  • We guide you through this process step by step too.

Certification criteria for processors

Overview of the certification process

Certification criteria for processors

Overview of the certification process

Complaints and appeals

Appeal is the request of a certification client to the certification body to review a decision made by the certification body regarding the subject matter of the certification.

Appeals must be submitted by the certification client (appellant) using a corresponding form on the certification body's website (see below). The appellant receives an automated confirmation of receipt once the appeal has been successfully submitted.

Upon receipt of an objection, the certification body decides whether it is admissible (i.e. whether it relates to certification activities for which the certification body is responsible) and therefore whether its content must be examined and decided upon. As a rule, it informs the appellant of its decision on admissibility within ten working days of receiving the appeal.

The certification body shall ensure that the decision resolving the (admissible) objection is made or assessed and approved by persons who are not or were not involved in the certification activities to which the objection relates. These persons must meet the competence criteria defined by the certification body for the appeal function.

To ensure that there is no conflict of interest, certification body personnel who have provided consultancy services to a client within the last two years or who have been in an employment relationship with the client may not be used by the certification body to assess or approve the resolution of an objection from the client concerned.

The certification body is responsible for collecting and verifying all necessary information (as far as possible) in order to reach a decision on the objection. If necessary, the certification body may ask the objector to clarify the subject of the objection and provide further relevant information. The duration of this phase (determination and evaluation of all relevant information) depends on the degree of complexity of the respective objection.

If the objection is justified, the certification body shall take all necessary follow-up measures to resolve the objection.

The certification body formally informs the appellant of the result and conclusion of the appeal procedure.

In the event of justified objections, the certification body shall inform the competent data protection supervisory authority.

The certification body documents and tracks objections and the measures taken to resolve them.

Complaint is an expression of dissatisfaction with the activities of the certification body, which awaits a response and - unlike an objection - can be lodged with the certification body by any person or organization.

Complaints must be submitted by the complainant using a corresponding form on the certification body's website (see below). The complainant will receive an automated confirmation of receipt once the complaint has been successfully submitted.

Upon receipt of a complaint, the certification body decides whether it is admissible (i.e. whether it relates to certification activities for which the certification body is responsible) and must therefore be examined and resolved. As a rule, it informs the complainant of its decision on admissibility within ten working days of receiving the complaint.

The certification body shall ensure that the decision resolving the (admissible) complaint is made or assessed and approved by persons who are not or were not involved in the certification activities to which the complaint relates.

To ensure that there is no conflict of interest, certification body personnel who have provided consultancy services to a client within the last two years or who have been in an employment relationship with the client may not be used by the certification body to assess or approve the resolution of a complaint from the client concerned.

The certification body is responsible for collecting and verifying all necessary information (as far as possible) in order to reach a decision on the complaint. If necessary, the certification body may ask the complainant to clarify the subject matter of the complaint and provide further relevant information. The duration of this phase (identification and assessment of all relevant information) depends on the degree of complexity of the complaint in question.

If the complaint is justified, the certification body shall take all necessary follow-up measures to resolve the complaint.

Wherever possible, the certification body shall formally inform the complainant of the outcome and termination of the complaints procedure.

In the event of justified complaints, the certification body shall inform the competent data protection supervisory authority.

The certification body documents and tracks complaints and the measures taken to resolve them. 

Complaints and appeals

Appeal is the request of a certification client to the certification body to review a decision made by the certification body regarding the subject matter of the certification.

Appeals must be submitted by the certification client (appellant) using a corresponding form on the certification body's website (see below). The appellant receives an automated confirmation of receipt once the appeal has been successfully submitted.

Upon receipt of an objection, the certification body decides whether it is admissible (i.e. whether it relates to certification activities for which the certification body is responsible) and therefore whether its content must be examined and decided upon. As a rule, it informs the appellant of its decision on admissibility within ten working days of receiving the appeal.

The certification body shall ensure that the decision resolving the (admissible) objection is made or assessed and approved by persons who are not or were not involved in the certification activities to which the objection relates. These persons must meet the competence criteria defined by the certification body for the appeal function.

To ensure that there is no conflict of interest, certification body personnel who have provided consultancy services to a client within the last two years or who have been in an employment relationship with the client may not be used by the certification body to assess or approve the resolution of an objection from the client concerned.

The certification body is responsible for collecting and verifying all necessary information (as far as possible) in order to reach a decision on the objection. If necessary, the certification body may ask the objector to clarify the subject of the objection and provide further relevant information. The duration of this phase (determination and evaluation of all relevant information) depends on the degree of complexity of the respective objection.

If the objection is justified, the certification body shall take all necessary follow-up measures to resolve the objection.

The certification body formally informs the appellant of the result and conclusion of the appeal procedure.

In the event of justified objections, the certification body shall inform the competent data protection supervisory authority.

The certification body documents and tracks objections and the measures taken to resolve them.

Complaint is an expression of dissatisfaction with the activities of the certification body, which awaits a response and - unlike an objection - can be lodged with the certification body by any person or organization.

Complaints must be submitted by the complainant using a corresponding form on the certification body's website (see below). The complainant will receive an automated confirmation of receipt once the complaint has been successfully submitted.

Upon receipt of a complaint, the certification body decides whether it is admissible (i.e. whether it relates to certification activities for which the certification body is responsible) and must therefore be examined and resolved. As a rule, it informs the complainant of its decision on admissibility within ten working days of receiving the complaint.

The certification body shall ensure that the decision resolving the (admissible) complaint is made or assessed and approved by persons who are not or were not involved in the certification activities to which the complaint relates.

To ensure that there is no conflict of interest, certification body personnel who have provided consultancy services to a client within the last two years or who have been in an employment relationship with the client may not be used by the certification body to assess or approve the resolution of a complaint from the client concerned.

The certification body is responsible for collecting and verifying all necessary information (as far as possible) in order to reach a decision on the complaint. If necessary, the certification body may ask the complainant to clarify the subject matter of the complaint and provide further relevant information. The duration of this phase (identification and assessment of all relevant information) depends on the degree of complexity of the complaint in question.

If the complaint is justified, the certification body shall take all necessary follow-up measures to resolve the complaint.

Wherever possible, the certification body shall formally inform the complainant of the outcome and termination of the complaints procedure.

In the event of justified complaints, the certification body shall inform the competent data protection supervisory authority.

The certification body documents and tracks complaints and the measures taken to resolve them. 

Frequently asked questions & our answers

Yes. Since our accreditation as Germany's first company that is able to certify processors in accordance with Article 42 GDPR, we have focused exclusively on this.

The duration of certification varies between a few weeks and up to 12 months, depending on the size of the processor's company. We will be happy to provide you with an individual assessment in a non-binding initial meeting.

The certification is awarded for 3 years and can then be extended by recertification.

Frequently asked questions & our answers

Yes. Since our accreditation as Germany's first company that is able to certify processors in accordance with Article 42 GDPR, we have focused exclusively on this.

The duration of certification varies between a few weeks and up to 12 months, depending on the size of the processor's company. We will be happy to provide you with an individual assessment in a non-binding initial meeting.

The certification is awarded for 3 years and can then be extended by recertification.

Are you a processor with high privacy standards?

Then the officially accredited EuroPriSe certification has many opportunities in store for you.

Are you a processor with high privacy standards?

Then the officially accredited EuroPriSe certification has many opportunities in store for you.

EuroPriSe

Germany's first certification for processors in accordance with Article 42 GDPR.

Contact

Joseph-Schumpeter-Allee 25
53227 Bonn

EuroPriSe

Germany's first certification for processors in accordance with Article 42 GDPR.

Contact

Joseph-Schumpeter-Allee 25
53227 Bonn

© All Rights Reserved.

© All Rights Reserved.