The CNPD, Luxembourg’s data protection authority, submitted, as the competent supervisory authority, the Europrivacy criteria of certification to the EDPB (European Data Protection Board) for approval. In its opinion from 10 October 2022, the EDPB considered that the Europrivacy certification criteria are consistent with the GDPR (General Data Protection Regulation), resulting in the very first “European Data Protection Seal” (pursuant to Art. 42 (5) GDPR).
The Europrivacy scheme is managed by the European Center for Certification and Privacy (ECCP) in Luxembourg. This certification mechanism is a general scheme that targets a large range of different processing operations performed by both controllers and processors from various sectors. The scheme includes specific criteria that make it scalable and applicable to specific processing operations or sectors of activity.
This approval is another step towards greater GDPR compliance. Certification under the Data Protection Seal has validity in all EU Member States. It allows different controllers and processors in different countries to achieve the same level of compliance for similar processing operations.
Earlier this year, the CNPD was the first data protection authority in Europe that adopted its own national certification scheme GDPR-CARPA. The unique and innovative feature of the CNPD certification mechanism is the fact that it is based on an ISAE report (International Standard on Assurance Engagements).