The GDPR or General Data Protection Regulation creates a harmonised set of rules applicable to all personal data processing by organisations (public or private, regardless of their size) established in the European Economic Area (EEA) or targeting individuals in the EU. The primary objective of GDPR is to ensure that personal data enjoys the same high standard of protection everywhere in the EEA, increasing legal certainty for both individuals and organisations processing data, and offering a high degree of protection for individuals.
The regulation entered into force on 24 May 2016 and applies since 25 May 2018.
How can I apply for the European Data Protection Seal?
Controllers should formally submit their EU-wide certification criteria to:
the competent data protection authority (DPA) in the EEA country where the scheme owners have their headquarters;
the competent data protection authority (DPA) in the EEA country where a certification body operating the certification mechanism have their headquarters, considering the member state in which the most certificates are likely to be issued.
How can my processing operations or my organisation become GDPR certified?
Under the GDPR, certification is conducted by national certification bodies or by the competent national data protection authorities (Art. 42(5) GDPR).
For further information, we recommend contacting the relevant national DPA for your organisation. You can find a overview of all EEA DPAs here.
My organisation would like to become a certification body, how can we become accredited?
Certification bodies are accredited by the national data protection authorities (DPA) or by the national accreditation body (named in accordance with Regulation 17065/2012). For further information regarding certification bodies, we recommend contacting the national DPA in your country. You can find an overview of all EEA DPAs here.
We are constantly working on the translation of our documents into the official EU languages. All static content, as well as press releases and documents officially adopted by the Board, such as Guidelines, will be made available in these languages.
This process takes time and various steps need to be completed in order to provide translations of the best quality.
Please note that documents undergoing public consultation are usually not translated. It is only after the public consultation has been concluded and a final version of the document has been adopted by the Board that these documents will be translated.
Do you think your data has been lost or stolen?
The GDPR puts in place clear procedures in case of a data breach. If a data breach poses a risk, companies and organisations holding your data have to inform the relevant data protection authority within 72 hours or without undue further delay. If the leak poses a high risk to you, then you must also be informed personally.
I think my data protection rights have been violated, what can I do?
If you believe your data protection rights have been violated you can contact the organisation holding your data, contact your national data protection authority (DPA), or go to a national court.
DPAs can conduct investigations and impose sanctions where necessary. You can find the contact details for all EEA DPAs here.
What are my rights under the GDPR?
All individuals residing in the European Economic Area (EEA) have the right to the protection of their personal data.
More specifically, under the GDPR, you have several rights
Right to be informed
Right of access
Right to rectification
Right to restriction of processing
Right to data portability
Right to object
Right not be subject to a decision based solely on automated processing.