Skip to main content

Audit and certify your data protection conformity

Deloitte has been selected as a EuroprivacyTM/® official partner by the European Centre for Certification and Privacy. We help our clients certify the conformity of their data processing activities with Europrivacy and the European General Data Protection Regulation (GDPR).

The GDPR contains over 70 certification references for organizations to demonstrate the conformity of their processing activities with the regulation. This includes selecting data processors with an adequate level of data protection and for authorizing cross-border data transfers. Non-conformity with the GDPR carries important legal and financial risks, which are hidden costs until a company is fined up to €20 million or 4% of its worldwide turnover (art.83.5 GDPR). A GDPR certification reduces these legal and financial risks and can substantially save costs. Europrivacy certificates demonstrate that a company is engaged in protecting personal data and is a trustable service provider for its customers, as well as a reliable data processor for its business partners. Companies with certified data processing activities position themselves as front-runners in data protection with a strong competitive advantage on the market. As a company is also liable for its choice of data processors, it can require them to certify their services to protect itself from legal and financial risks.

Your smart journey to GDPR certification


Deloitte helps you obtain Europrivacy certification of your data processing activities, enabling you to select priority activities and progressively certify them once they are ready. Deloitte:

  • Selects two data processing activities to be certified as a priority;
  • Prepares the priority data processing activities for certification by documenting their conformity; 
  • Offers remediation support in case of residual non-conformities;
  • Prepares the selected processing activities for certification by an independent certification body and supports the process; 
  • Elaborates a certification plan for the remaining data processing activities that require certification; and
  • Gives you access to continuous updates on European and national requirements related to personal data protection to maintain and enhance your conformity.


A reliable certification process


The Europrivacy certification scheme has been developed through the European research program financed by the European Commission. It is designed to address the GDPR’s specific obligations and to serve as an official certification scheme under article 42 of the GDPR. It has been developed by experts in data protection in consultation with national supervisory authorities. The certification scheme is managed and continuously updated by the European Centre for Certification and Privacy (ECCP) in Luxembourg and its International Board of Experts in data protection.

Europrivacy applies to all kinds of data processing, including emerging technologies. It enables you to document, assess, and certify your conformity with the GDPR and complementary national data protection regulations. And, it allows you to select priority data processing activities and progressively certify them once they are ready.

Europrivacy is closely aligned with ISO standards and complements management system certifications, such as ISO/IEC 27001 or 27701. While the latter enables the certification of the quality of an information management system, Europrivacy has been designed to certify compliance of data processing activities with the GDPR and complementary national data protection regulations, in accordance with the guidance of the European Data Protection Board (EDPB). It is the first scheme that has been submitted by a European national data protection authority to the EDPB as part of the endorsement process by the EU as a European certification scheme under the Art. 42 of the GDPR.

Europrivacy is delivered by qualified Certification Bodies gathering adequate legal and technical expertise. The certification is aligned with the applicable ISO/IEC 17065 and 17021-1 principles. It combines various methodologies, such as documentation review, sampling analysis, technical tests, inspections, and interviews. Delivered certificates can be verified and authenticated on the public Europrivacy Registry, enhanced with Blockchain technology to maximize authentication, reliability and transparency of certificates.

More About Europrivacy:

Europrivacy is an international trademark registered in several jurisdictions.