Essential Standards for Data Protection Certifications

Data protection seals are an important tool for building trust among customers and partners.
When awarding data protection seals, it is particularly important to adhere to recognized standards so that the seals are credible, transparent, and meaningful. At a minimum, pay attention to these six standards:

  1. Criteria catalog based on established norms and standards (e.g., EU GDPR, TDDDG, state of the art).
  2. Publicly accessible criteria catalog that clearly outlines the assessment criteria. The catalog should be publicly available so that the requirements are transparent.
  3. Expert and recognized auditors: Evaluations for a data protection seal must be conducted by technical and legal experts who are recognized by an independent body. This ensures that the assessment is professionally sound and impartial.
  4. Certificates issued with detailed justification, including the scope of the certification and an explanation of why the seal was awarded.
  5. Publication of certificates: A credible seal makes its results traceable. The certificate should clearly state the system audited, the audit period, and the validity period.
  6. Separation of certification and consulting through the operation of an independent certification body that issues certificates without providing consulting services and also maintains a complaints office for potential grievances.

These six standards apply not only to data protection seals but also to other certifications, such as those in IT security or compliance. Additionally, a seal should be recognized in the market.
Pay attention to these standards when selecting certifications.