“This document was prepared by the Commission Nationale Pour la Protection des Données (‘CNPD’) in collaboration with representatives from the audit profession. It contains the criteria for the “GDPR-CARPA” certification mechanism. This document should be read in conjunction with the “GDPR-CARPA” certification mechanism document. These certification criteria are a mandatory requirement to evaluate and report on controls over organizational and technical data protection measures, to be eligible for certification. Evaluation and reporting needs to follow the ISAE 3000 standard. Certification can only be granted by certification bodies that have been accredited by CNPD.”
The Article 29 Working Party welcomes comments on the Guidelines on the accreditation of certification bodies (wp261). Such comments should be sent to the following address by 30 March 2018 at the latest.
Including an analysis of the following certifications:
- ePrivacyseal EU
- CNIL Labels
- ICO Privacy Seal (under development)
- Certification based on ISO/IEC 27001
- Certification based on ISO/IEC 27018 – PrivacyMark system
- Privacy by Design by Ryerson University and Deloitte Canada
Obviously, I am a bit partial to EuroPriSe – which does very well in the comparison.
Register of the Privacy Seals awarded by EuroPriSe.
The short reports that are published on the site give great guidance on best practices!