BSI News | BSI - official partner of Europrivacy™/®, empowering organizations to meet the GDPR regulation
Europrivacy™/® announced through their website that BSI has been approved as a EuroprivacyTM/® official partner to provide Data Protection certification under the EuroprivacyTM/® scheme in Europe and global markets.
EuroprivacyTM/® is a certification scheme managed by the European Centre for Certification and Privacy (ECCP) and maintained by the EuroprivacyTM/® International Board of Experts in data protection. The EuroprivacyTM/® certification scheme is a GDPR-by-design certification, developed through the European research program financed by the European Commission. It is designed to address the specific obligations of the GDPR and to serve as an official certification scheme under articles 42 and 43 of the GDPR. It brings value to companies by demonstrating their engagement in protecting personal data, thus making them a trustable service provider for their customers, as well as a reliable data processor for their business partners and other stakeholders. Europrivacy has been designed to build trust and confidence by certifying data processing activities that is compliant with the applicable European data protection regulations. EuroprivacyTM/® provides state-of-the-art solutions to ensure the conformity of various data processing activities with the European General Data Protection Regulation (GDPR). It can be extended to complementary national data protection registration and can address emerging technologies. Europrivacy enables organizations to identify and reduce legal and financial risks, confirm and demonstrate GDPR compliance, improve reputation and access to the market through the application of this scheme. The Europrivacy scheme is currently going through the approvals process with the European Data Protection Board.
The General Data Protection Regulation (GDPR) is a regulation issued by the European Union, which took effect on May 25, 2018. GDPR applies to all businesses that collect, transmit, retain, or process personal data linked to European member states governed by the regulation. For example, a company whose main body is not a member of the EU (including free services) is still subject to the regulation if it satisfies one of the following two conditions:
(1) Any person or entity (collectively, Entity) established in the European Union or processes the personal data of EU residents when offering them goods or services. Or
(2) Collect and process information about an identifiable person in the EU for the purpose of monitoring their activity.
Failure to comply with the requirements of GDPR can result in fines of up to 4% of global annual turnover or €20 million – whichever is greater.
After the release of GDPR, an immediate issue was raised by companies with operations in Europe or doing business with the EU. How to establish a GDPR compliant personal privacy protection management system that meets the requirements of GDPR? Also, how to show client and relevant regulatory agencies the evidence of compliance? A certification approved by the relevant regulatory authorities of the European Union is an effective solution.
Articles 42 and 43 of the GDPR set out a system for certifying data processing activities and established requirements on relevant certification bodies. Article 42, paragraph 1, provides that: "to prove that the data controller or processor data processing behaviour is in line with the provisions of these regulations, data protection committee member, regulators, Europe and the European Commission should be advocated, especially within Europe, establishing data protection authentication mechanism and data protection seal and sign, also should consider the specific needs of micro, small and medium-sized enterprises." Prescribed in paragraph 1 of article 43 ". This shall not affect the article 57 and article 58 of the right to the task of regulators and authority, have a professional certification institution related to the protection of personal data to make it as necessary to the exercise of the second paragraph of article 58 of functions and powers prescribed in item (h) and after informing regulators, shall be issued and update the certificate. Member states shall ensure that these certification bodies are recognized by one or more of the following bodies :(a) competent regulatory bodies under article 55 or 56 of this regulation; (b) as specified in the Regulation(EC)No 765/2008 of the European Parliament and the Council establishing the Requirements for certification and Market Supervision of the Marketing of Products, And a national certification body that meets the requirements of conformity Assessment -- Requirements for Institutional Certification of Conformity of Products, Operating Processes and Services (EN-ISO/IEC 17065/2012) and is entitled to additional requirements imposed by regulatory bodies under Article 55 or 56 of these Regulations."
How BSI can support on information and cyber security and data protection
As a EuroprivacyTM/® certification body approved by the European Certification and Privacy Centre (ECCP), BSI has become a Digital Trust leader by providing comprehensive information security and data protection conformity assessment solutions, certification and training for clients under international standards, regional regulations, and industry norms, including but not limited to:
- ISO 27001 Information Security Management System（CNAS, ANAB, UKAS, ACCREDIA）
- ISO27701 privacy information management system（ANAB）
- Europrivacy Certification （ECCP）
- UK eIDAS trust service provider (UK ICO)
- NIST CSF & NIST CMMC（NIST）
- MTCS， DPTM，CBPR （SAC）
- CSA STAR (CSA)
- PCI DSS (PCI SCC)
- WLA Security（WLA）
BSI will continue to support on your path to information and cyber security, and data protection.
BSI (British Standards Institution) equips businesses with the necessary solutions to turn standards of best practice into habits of excellence. As the world’s first National Standards Body and a founding member of the International Organization for Standardization (ISO), BSI is responsible for originating many of the world’s most commonly used management systems standards.