Luxembourg Becomes First Country to Introduce an Official GDPR Certificate

Lee Webster
January 17, 2023

Table of Contents

What's New?

Luxembourg becomes the first country to introduce a certification mechanism according to the GDPR criteria.

I know what you're thinking "wait, didn't Privasee introduce a GDPR certificate already for their customers?" - in short, yes. But that's great for news for us and our customers. Luxembourg have taken the first steps to introduce GDPR certificates for specific processing operations and we think this is a fantastic step in the right direction.

The announcement came from The National Data Protection Commission (CNPD- they have adopted the certification mechanism GDPR-CARPA on 13th May 2022. GDPR-CARPA is the first certification to be adopted on a national / international level under the GDPR

Whats the actual Certification Criteria?

In Luxembourg the CNPD will accredit the entities that will issue the GDPR certification. The criteria is based on ISAE 3000 (audit), ISCQ1 (quality control of auditing organizations) and ISO 17065 (licensing of certification entities). These accreditations will be done by professional auditors. It will be based on a ISAE 3000 Type 2 report that allows for the issuing of an opinion on the correct implementation of the control mechanism while the auditor is formally held responsible.

What Can We Expect in the Future?

We made the prediction that this would happen some time ago and our customers have been using our in-house GDPR certificates with great success on their company websites,. We predict more countries will follow suit and roll our similar schemes with GDPR certification for specific operations and that it will eventually filter down to broader applications.

So What do I Need to Do?

If you're an SME and want to get ahead of your competition and get your business certified ahead of time you can do so here.

If you are based in Luxembourg and would like to find out more about the certification you can read about it in this PDF from EDPB. If none of this makes sense to you and you'd like assistance or clarity on how your business can get certified, regardless of location, please reach out to us and we'll be happy to help.

Get Compliant in <1 Hour

Are you Fully GDPR Compliant?

Ensure your policies are always up to date with Privasee, an AI powered GDPR compliance solution that does it all.