EuroPrivacy delivers step-by-step services adapted to the level of maturity of the applicant, from awareness to certification. It enables applicants to choose where to start, according to their level of readiness, with the possibility to stop or suspend the process at the end of any stage. All services are delivered under the seal of confidentiality by selected experts. Europrivacy certificates are delivered by a certification body duly authorized by the European Center for Certification and Privacy.
The GDPR Awareness takes the form of a one-day introduction to the GDPR rules and requirements. It provides general information to better understand what is expected by the European Union in terms of personal data protection. This awareness course is designed to accommodate groups of participants and can be organized for several applicants at a time to minimize costs.
The Quick Check is a preliminary check of the level of compliance with the GDPR. It identifies the major areas of non-conformity that the applicant will have to focus on. The Quick Check takes the form of a half-day (up to a full day) on-site or online discussion led by experts. It enables the applicant and the experts to clarify together the scope of certification, as well as to better assess the expected time frame and number of audit days required for completing the certification.
DPIA & Risk Analysis
Article 35 of the GDPR requires data controllers to carry out a Data Protection Impact Assessment (DPIA) to assess the impact of their envisaged processing operations on the protection of personal data. In parallel, the GDPR exposes companies to major legal, financial and reputational risks. EuroPrivacy gives access to experts in the domain of DPIA and risk analysis. The DPIA focuses more on the risks for the data subjects, while the risk analysis focuses more on the risks for the applicant.
Audit and Gap Analysis
EuroPrivacy provides a highly comprehensive and reliable methodology to assess the level of compliance of processes, services, products and information management systems with the GDPR. It takes the form of a systematic analysis of compliance led by an audit team gathering legal and technical experts. The output of this process is a written report with the detailed list of identified non-conformities. It constitutes a major part of the certification process.
After the applicant has successfully addressed all the identified non-conformities, the audit team will assess and check that all non-conformities have been adequately resolved. If this is the case, the authorized Certification Body can deliver the formal Europrivacy certificate, which is valid for an initial period of three years and is renewable.
Surveillance and Monitoring
The GDPR requires that certification be monitored. Europrivacy performs surveillance audits and monitoring of GDPR compliance. It provides independent third-party monitoring, which helps reduce the risk of GDPR breaches.
Europrivacy-related services are focused on assessing GDPR compliance. They help identify, in a systematic and detailed manner, the non-conformities an applicant will have to address in order to be fully compliant with the GDPR and certified. In conformity with ISO rules of impartiality, the Audit Teams are authorized to describe and explain the non-conformities, but they are not authorized to deliver consulting on how these non-conformities should be resolved. It is the responsibility of the applicant to choose and implement adequate solutions.