State data protection seal
A data protection seal according to Art. 42 and Art. 43 GDPR is awarded by a state-accredited certification body and serves as an official state-recognized GDPR award for data processors or controllers.
ePrivacy advises
Our experienced data protection experts advise you within the framework of the available governmental certification. The separation of consultation and certification by different individuals ensures the independence of the involved parties, their integrity, and compliance with legal requirements. With over 450 certifications in 12 years and the establishment of several certification bodies, our experts bring comprehensive experience for your governmental certification.
Through our partner network, you have the opportunity to choose the certification body that best suits your needs. We are happy to advise you on which certification body is most suitable for obtaining a governmental data protection seal.
The process for obtaining a state data protection seal is complex and time-consuming. Comprehensive consultation and support throughout the certification project are essential to ensure that the seal application is submitted with complete, sufficient, and high-quality documentation. This approach avoids additional effort and costs during the certification process. State certification projects can take 12-18 months. For digital health applications (DiGAs), which are required by law to hold a governmental seal, no governmental accreditation procedure is currently available on the market (as of June 2024), but one is expected to be available soon.
The material prerequisite for starting the certification process is a successfully completed pre-assessment. When applying for certification, all documentation must be submitted, and the Target of Evaluation (ToE) must be defined in advance. Neither the evaluators nor the certification body are allowed to provide consultation during or after the application process. The ePrivacyseal serves as a pre-assessment and can be effectively utilized for this purpose.
Watchouts
- When selecting a data protection certificate, consider the scope of the certificate (processor, cloud, DiGA, etc.).
- Many restrictions apply, such as only certifying specific data processing processes.
- There are risks regarding the legal certainty of the requirements: for example, implementation of all "working papers" and further recommendations from data protection authorities (opinions, guidance documents, etc.) is necessary.
- There is a lack of risk-based solutions and solutions for SMEs and new technologies.
- The very lengthy and complex process of certificate recognition leads to a complex and resource-intensive operation of certification bodies and accordingly high costs for applicants.
Outlook
The ePrivacyseal data protection seal can of course continue to be used as a GDPR seal and offers a broader scope of application, such as for management systems or platforms. Please feel free to schedule a meeting with us to learn more about certification with a government data protection seal or other seals.