The European Data Protection Seal

What is Europrivacy™/®?

Europrivacy is the first GDPR (General Data Protection Regulation) certification mechanism recognised by the EDPB as the European Data Protection Seal, as defined by Article 42 of the Regulation, in all EU . Europrivacy enables organisations to demonstrate that their data processing activities comply with the EU GDPR and relevant national and international regulations.

The Europrivacy certification scheme was developed through the European Research Programme Horizon 2020, and co-funded by the European Commission and Switzerland. It was approved by the EDPB (European Data Protection Board) as the European Data Protection Seal on 10 October 2022.

It is managed and continually updated by the ECCP (European Centre for Certification and Privacy) in Luxembourg and its International Board of Experts in data protection, with the support of official partners such as the Italian Institute for Privacy and Data Valorisation.

Who needs Europrivacy certification?

Europrivacy enables both data controllers and data processors to formally certify that their data processing activities comply with the GDPR and other relevant data protection laws.

Europrivacy certification is recognised in all 27 EU member states and will be taken into account by the data protection authorities in the case of litigation.

To achieve certification, organisations must meet, among others, the Europrivacy GDPR core criteria, which are maintained by the ECCP and its Europrivacy International Board of Experts.

The core criteria allow organisations to assess their compliance with regard to:

  • Lawfulness of data processing;
  • Special data processing;
  • Data subjects’ rights;
  • Data controllers’ responsibilities;
  • Data processors;
  • Security of processing and data protection by design;
  • Management of data breaches;
  • DPIAs (data protection impact assessments);
  • DPOs (data protection officers); and
  • Transfers of personal data to third countries or international organisations.

Where applicable, the core criteria are complemented by:

  • Complementary contextual checks and controls to assess technology and domain-specific obligations; and
  • Technical and organisational measures checks and controls to assess security requirements.

Certificates are valid for three years.

You can learn more about Europrivacy certification on the Europrivacy website.

Why choose IT Governance?

IT Governance’s parent company, GRC International Group, is an official partner of the European Centre for Certification and Privacy to support the implementation of Europrivacy™/® data protection related services.

Alongside our sister companies IT Governance Europe and GRCI Law Limited, we offer a comprehensive range of services to organisations that wish to certify that their data protection practices comply with the EU GDPR and relevant national data protection laws.

Europrivacy Partner logo

IT Governance is at the forefront of helping organisations implement GDPR-compliant processes and achieve certification to standards and frameworks such as ISO/IEC 27001, ISO/IEC 27701, Cyber Essentials, the PCI DSS, and others.

Our highly experienced consultants, supported by GDPR-specific tools and processes, can work with clients all over the world to ensure that their data processing practices meet the Europrivacy standard, and that they are fit for certification.

As a Europrivacy official partner, GRC International Group has been evaluated and selected on the basis of its track record and expertise in data protection.

Only the official partners are authorised by the ECCP to deliver Europrivacy-related services. You can find a full list of official partners on the Europrivacy website.

Europrivacy is an international trademark registered in several jurisdictions.

Learn more about our GDPR and data protection compliance products and services

SAVE 25%