Reduce your Risks and Costs

Under Art. 28 GDPR companies that share personal data with service providers (data controllers) remain legally liable for any breach of data protection by their processors. In case of an incident, they are expected to prove that they do everything in their power to monitor and prevent such incidents.

"The controller shall use only processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject." Art. 28 GDPR

Art. 28(5) clarifies that the GDPR certification of data processors can be used "to demonstrate sufficient guarantees". Hence, GDPR certification contributes to significantly reducing risks, as well as monitoring efforts and costs for both parties. It also constitutes a competitive advantage for the certified services of the data processor.

This benefit is only recognized for certifications formally recognized under Art. 42 GDPR, such as Europrivacy. It is not applicable to non-GDPR certifications such as ISO 27701.

Enhance your Procurement Policy

1. Contact your data processors and invite them to certify their services with Europrivacy. You can indicate a deadline (i.e. 12 months) to complete the process and mention that passed this deadline, their certification or absence of certification will be considered for the continuation of the service agreement.
2. Adapt your procurement policy and add the following requirement in your calls for tender or application form: "Provide information on the certification of your service with a certification scheme recognized under Art. 42 GDPR." Add the existence of a valid GDPR certification of the requested service either as: (1) a strict eliminatory requirement, or as (2) a selection factor by adding a dedicated number of points to the score of the application when ranking the received offers.

Special Programme for Large Data Controllers

ECCP offers a special support programme for free to companies using more than 20 service providers and with a substantial turnover. The programme includes a free Welcome Pack and personal guidance. This programme is not eligible to public bodies and private entities subject to public contract law. Use the dedicated contact form to learn more about it.

Private Companies with:
>30 Million Turnover
>20 Data Processors

Benefits:
✓ Free Welcome Pack
✓ Customized support and guidance
✓ Guidelines, templates and resources for tendering

To learn more:
contact@europrivacy.com