Understanding the Importance of GDPR Compliance


General Data Protection Regulation (EU) 2016/679 (GDPR) became enforceable on May 25, 2018 with potential fines reaching the higher of EUR 20 million or 4% of global turnover. We look at the possibilities offered by Article 42 of GDPR in relation to the certification of data processing.


GDPR is a data protection and privacy law covering the European Union (EU) and European Economic Area (EEA). Its primary aim is to give individuals control over their personal data, while simplifying the regulatory framework across the EU/EEA. It also addresses the transfer of personal data outside of the EU/EEA.

GDPR utilizes a definition of personal data that covers, “any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.”

Since its development and implementation, GDPR has been the model for similar legislation in Argentina, Brazil, California (USA), Chile, Japan, Kenya, and South Korea.

Article 42

This article within GDPR encourages, “the establishment of data protection certification mechanisms and of data protection seals and marks, for the purpose of demonstrating compliance with this Regulation [GDPR] of processing operations by controllers and processors.”

While the International Organization for Standardization (ISO) does maintain ISO/IEC 27701:2019 Security techniques, this is mainly focused on the management system and not data processing. It makes its evaluation based on continuous enhancements in the management system and does not specifically relate to legal compliance. It is not, therefore, eligible for GDPR Article 42. Certification standards developed to address Article 42 have to be approved by the European Data Protection Board if they are to have pan-European authority.


Developed through the Horizon 2020 research program and financed by the European Commission, the Europrivacy certification scheme has been designed to fulfil the requirements of Article 42. It provides a state-of-the-art methodology for the certification of conformity with GDPR and covers a wide variety of products, services, processes and information systems. It is constantly being updated to cover emerging technologies and changes in regulations and jurisprudence. It is the first data privacy certification scheme to be submitted to the European Data Protection Board and is currently the only scheme going through the formal approval process.

Europrivacy provides organizations with a comprehensive and systematic assessment of their conformity to GDPR. This covers the identification of all processed personal data and its lawfulness. It also considers the requirements regarding minors, transparency, the personal data life cycle, the effective implementation of the data subject’s rights, security and, where applicable, complementary national and/or domain specific requirements.

Benefits of Europrivacy include:
  • ISO compliant – it is easily combinable with ISO 27001 Information Security Management
  • Applicable to emerging technologies
  • Continuously updated to align with regulatory and jurisprudence changes
  • Can be extended to cover complementary national obligations
  • Comprehensive – covers most data processing activities
  • Developed and maintained by an independent board of global experts


For stakeholders, the benefits of certification to Europrivacy include:

  • Identification and reduction in legal and financial risks through audit and systematic gap analysis
  • Demonstrates compliance to GDPR through impartial third-party assessment
  • Improves your reputation and access to markets
  • Eases cross-border data transference
  • Reduce risk associated with the selection of data processors
  • Builds competitive advantage in both B2B and B2C
  • Builds trust and confidence in your organization and its systems

There are three board stages to Europrivacy certification:

  1. Checking and documenting conformity
  2. Certification via an approved third-party body
  3. Maintenance and enhancement in compliance


Working in this way, an organization moves from uncertainty and risk, to trust and confidence in their GDPR compliant data processing systems.

SGS Solutions

SGS, leveraging its comprehensive data protection certification scheme for GDPR compliance, has partnered with EuroPrivacy to deliver certification services that demonstrates GDPR compliance.

Learn more about how SGS Partners with Europrivacy to Deliver the First Comprehensive Data Protection Certification for Demonstrating GDPR Compliance.



Your name

Your e-mail

Name receiver

E-mail address receiver

Your message




Sign up