
NEW: Your data protection seal of approval (state accreditation in preparation)
Demonstrate compliance with your data protection measures through a state-accredited data protection seal of approval.
Overview of our certificates
(state accreditation in preparation)
Show your compliance within data protection and data security.
State-accredited certificates offer a higher level of security and business reputation. Whether your focus is on data protection or data security, we offer a variety of solutions:
- Data protection: If the focus of your product is data protection, ePrivacycert is one of the few companies offering the possibility of acquiring a state-recognised data protection seal of approval. This seal has a high reputation in Germany and globally.
- IT security: If your goal is to document your company's IT security (information security management system), the acquisition of a certification according to ISO 27001 is desirable.
- Data protection management: Through the extension of ISO 27701, it is possible to supplement ISO 27001 with a corresponding data protection management system (also known as PIMS, Privacy Information Management System) or to set both up simultaneously. This is a data protection management system and not a legal audit of the data processing procedures in accordance with the GDPR. Therefore, ISO 27701 is not a data protection seal of approval.
With many years of expertise in data protection and data security, we are happy to help you choose the right tools.
Prove your measures within data protection and data security by choosing the appropriate certificate.
Certify your data processing procedures with a state-accredited data protection seal of approval.
Obtaining the state-accredited ePrivacycert (pursuant to Art. 42 GDPR) enables companies in the EU to prove that their data processing procedures comply with GDPR (i.e., marketing purpose). Data protection seals fulfil any obligations to provide evidence to supervisory authorities, as well as proof of the existence of necessary guarantees for data transfers to third-party countries.
Certification with the ePrivacycert seal is therefore the opportunity to document compliance with GDPR via a state-accredited process.
Your benefit:
Benefit from the advantages of the accredited ePrivacycert data protection seal of approval regarding the proof of compliance with the rules of GDPR and a significantly improved reputation of your company in the market.
Management system for the organisation of information security (ISMS) according to international standard
Information security shall sufficiently protect information of any kind against loss, manipulation, and unauthorized access by third parties. Implementation is to be ensured by a suitable information security management system (ISMS) with appropriate technical and organizational measures according to comprehensive Plan-Do-Check-Act processes.
Risks for companies can arise from outdated technology, operating errors, or infections with malware. There is a threat of IT failures, cybercrime, and data misuse. The ISO 27001 certification, which has proven itself in practice over many years, offers the opportunity to introduce a robust information security process to systematically meet the expectations of legislators, customers and stakeholders. In this way, you sharpen your company profile and improve your competitiveness in the market.
In today's complex business environment, many clients insist on an appropriate certification of their business partners. ISO 27001 is the global benchmark for effective information security management.
The standard serves as an orientation to anchor continuous information and data security in business management. Financial losses due to data breaches and resulting potential lawsuits can be avoided. Business risks and the dangers of information loss, data misuse and other IT risks are reduced.
Only the information security management system (ISMS) is certified. The focus is on IT and not on the authority to process data and compliance with the GDPR.
A competitive advantage:
Receive legal certainty and professional use of the certificate in your communication through professional and proven certification according to ISO 27001.
Information management system as an expansion stage based on an ISMS in accordance with ISO 27001 for data security + data protection
Data protection is closely linked to data security. If the latter has already been certified through an existing implementation of ISO 27001, an extension can be made through a corresponding data protection management system (also known as PIMS, Privacy Information Management System). This is done within the new ISO 27701. This is now an extended protection for companies' personal data.
ISO 27701 also contains supplements to ISO 27002, the guideline for implementing the measures from Annex A of ISO 27001. The standard provides guidance on the following points:
- Expansion to include aspects of data protection
- Appointment of a person responsible for the “Privacy Information Management System”
- Data protection training for employees
- Logging of accesses and changes
- Encryption, e.g., of highly sensitive categories of personal data (e.g. health data)
- Consideration of the Privacy-By-Design principle
- Security incident review of data breaches
The certification of a data protection management system within ISO 27701 is different from a certification by a data protection seal of approval (according to Art. 42 GDPR). Only a data protection seal of approval verifies whether the data protection measures and business processes comply with GDPR. The demarcation from a certification of a data protection management system within the framework of ISO 27701 is a complex topic. If you have any questions, please do not hesitate to contact us.
Your advantage in data protection:
Certification according to ISO 27701 enables you to prove data protection and the management of personal data globally. The company's position in the market will be significantly strengthened.