Data protection certificates according to the GDPR vs. “free” data protection seals – overview and possible applications

Our CEO and Founder, Prof. Bauer, has written an article in the trade journal “Datenschutzberater” about data protection certificates. In the article, Prof. Bauer shares an overview of the status quo and discusses the advantages and disadvantages of a state-accredited seal.

Data protection certificates according to Art. 42 GDPR will soon be offered by various certification bodies. When selecting a data protection certificate, it is important to consider the scope of the certificate (only data processing operations, only for processors, for clouds, etc.). There are many risks regarding the legal certainty of the requirements; for example, implementation of all “working papers” and other recommendations of the data protection authorities is required. A very long and complex process for recognizing the certificates makes operations complex for the certification bodies and ultimately leads to high costs for applicants.

One possible alternative is “free” data protection seals, such as the ePrivacyseal. They are legally possible, have been issued for many years and are widely used. With extensive technical and legal assessments, they provide much more than is usually documented in organizations. They are therefore also useful as proof of compliance with the GDPR (except Art. 42) and can be used very well for marketing purposes.

Compared to a data protection certificate according to Art. 42 GDPR, “free” seals have significant advantages, such as a much broader scope of application, a more favorable design for SMEs and more flexible use for new technologies. In addition, they are cost-effective, and certification can be achieved much faster.

The entire article by Prof. Bauer is available online (only in German).