The Europrivacy Community and Resources website gathers all relevant information and documents to reduce your risks and to document, check, certify, and value your compliance with data protection regulations. To access these documents and resources, you must have subscribed to the community.

If you are alreadey subscribed, please log in. Otherwise, you are welcome to subscribe through the homepage.

How can Europrivacy assess a large diversity of data processing in an adequate and reliable manner?

Europrivacy has developed an innovative hybrid model of certification scheme that combines the advantage of a universal certification scheme with a comprehensive series of criteria. These criteria are applicable to any data processing with the strength of specialised certification schemes by adding complementary contextual criteria that enable to assess technology and domain specific risks for the data subjects (more details).

Europrivacy also distinguishes High Risk Data Processing from regular ones. High Risk Data Processing is defined as any data processing that:

  • processes special categories of personal data or data relating to criminal convictions, or;
  • specifically targets personal data of minors of age, or;
  • is likely to result in a high risk for the rights and freedom of natural persons.[1]

Whenever a Target of Evaluation includes High Risk Data Processing, complementary criteria (labelled as level B) must be additionally applied and assessed by the auditor in order to take into account the higher level of risk.

In all cases, the applicability of criteria is not decided by the auditor but determined by the Target of Evaluation.

[1] The Certification Body shall take into account the EDPB guidelines on Data Protection impact assessments High risk processing.

error: Content is protected !!