Verified Data Protection Certificate

Companies should process and store data from their customers, suppliers and employees in accordance with data protection regulations. Since data protection supervisory authorities cannot check and certify manufacturers’ products, software users themselves must ensure that the products are used in accordance with data protection law. Especially with service providers, customers have great uncertainty as to whether their data is in good hands. A data protection analysis and a data protection audit can help here. Anyone who wants or needs to prove their level of data protection with a certificate will need a data protection audit.

Advantages of a data protection certificate

SaaS cloud service providers, educational institutions and eCommerce retailers have to store a lot of personal data in their systems for operational reasons. Anyone taking a course has provided their contact details and perhaps other personal information (date of birth, CV, financial situation) to an educational institute. Operating a training center without sufficient data protection compliance can lead to significant problems.

Customers have also stored a lot of data with eCommerce companies. Not every new customer feels comfortable entrusting their private data to an online retailer. It doesn’t matter whether you want to order pet food or car accessories online, uncertainty often leads to purchase cancellations. Here, a certificate of verified data protection can ensure significantly more customer trust and increase the shopping cart more often. This also increases the profitability of online advertising that leads buyers to the online shop.

Cloud providers have a similar situation with SaaS products for business customers: New B2B customers have great concerns about importing their customer data into a cloud application. This uncertainty also exists when using platforms for personnel management and recruitment. Here, the “Tested Data Protection” certificate helps to convince significantly more long-term customers to test the platform and use it permanently.

Where is this regulated in the GDPR or the ISO 27001 standard? Legal texts can be confusing

What is the process for obtaining the data protection certificate?

In order to receive a data protection certificate “Verified Data Protection”, companies must undergo a data protection audit. A number of non-conformities and observations are usually identified. The company must correct this in order to fulfill all requirements after a control audit and successfully complete the certification. However, in order to keep the costs within reasonable limits, it is advisable to make all relevant data protection aspects compliant before the audit by means of a data protection analysis and data protection advice.