Luxembourg Becomes First Country to Introduce an Official GDPR Certificate

By
Lee Webster
January 17, 2023

What's New?

Luxembourg becomes the first country to introduce a certification mechanism according to the GDPR criteria.

I know what you're thinking: "wait, didn't Privasee introduce a GDPR certificate already for their customers?" In short, yes. But that's great news for us and our customers. Luxembourg has taken the first steps to introduce GDPR certificates for specific processing operations, and we think this is a fantastic step in the right direction.


The announcement came from the National Data Protection Commission (CNPD), which adopted the certification mechanism GDPR-CARPA on 13th May 2022. GDPR-CARPA is the first certification to be adopted on a national / international level under the GDPR.

What's the Actual Certification Criteria?

In Luxembourg, the CNPD will accredit the entities that will issue the GDPR certification. The criteria are based on ISAE 3000 (audit), ISQC 1 (quality control of auditing organizations) and ISO 17065 (licensing of certification entities). These accreditations will be done by professional auditors. Certification will be based on an ISAE 3000 Type 2 report, which allows the auditor to issue an opinion on the correct implementation of the control mechanism while being held formally responsible for it.

What Can We Expect in the Future?

We made the prediction that this would happen some time ago, and our customers have been using our in-house GDPR certificates with great success on their company websites. We predict more countries will follow suit and roll out similar schemes with GDPR certification for specific operations, and that it will eventually filter down to broader applications.

So What do I Need to Do?

If you're an SME and want to get ahead of your competition by getting your business certified ahead of time, you can do so here.

If you are based in Luxembourg and would like to find out more about the certification you can read about it in this PDF from EDPB. If none of this makes sense to you and you'd like assistance or clarity on how your business can get certified, regardless of location, please reach out to us and we'll be happy to help.
