GDPR certification criteria from Luxemburg

https://cnpd.public.lu/dam-assets/fr/actualites/national/2018/GDPR-CARPA-Criteria-v10.pdf

” This document was prepared by the Commission Nationale Pour la Protection des Données (‘CNPD’) in collaboration with representatives from the audit profession. It contains the criteria for the “GDPR-CARPA” certification mechanism. This document should be read in conjunction with the “GDPR-CARPA” certification mechanism document. These certification criteria are a mandatory requirement to evaluate and report on controls over organizational and technical data protection measures, to be eligible for certification. Evaluation and reporting needs to follow the ISAE 3000 standard. Certification can only be granted by certification bodies that have been accredited by CNPD. “

ENISA on European Data Protection Certifications

incl. an analysis of the following certifications:

  • ePrivacyseal EU
  • EuroPrise
  • CNIL Labels
  • ICO Privacy Seal (under development)
  • Certification based ON ISO/IEC 27001
  • Certification based on ISO/IEC 27018 – PrivacyMark system
  • Privacy by Design by Ryerson University and Deloitte Canada

https://www.enisa.europa.eu/publications/recommendations-on-european-data-protection-certification

Obviously, I am a bit partial to EuroPriSe – which does very well in the comparison.