Sertifiointimekanismit, tietosuojasinetit ja -merkit

Sertifiointi on vapaaehtoinen väline, joka auttaa organisaatioita varmistamaan ja osoittamaan, että ne noudattavat yleistä tietosuoja-asetusta.
Tässä rekisterissä esitetään yleiskatsaus olemassa olevista sertifiointimekanismeista sekä tietosuojasineteistä ja -merkeistä, jotka toimivaltaiset tietosuojaviranomaiset ovat myöntäneet tietosuojaneuvoston lausunnon perusteella (yleisen tietosuoja-asetuksen 42 artiklan 5 kohta ja 42 artiklan 8 kohta), myös silloin, kun kyseessä on eurooppalainen tietosuojasinetti.
Siinä luetellaan myös sertifiointielinten akkreditointia koskevat hyväksytyt vaatimukset (yleisen tietosuoja-asetuksen 43 artiklan 3 kohta).

Trusted Site Data Privacy Criteria Catalogue for Inspecting the Conformity of an IT Solution with the European General Data Protection Regulation

19 May 2026

de/ldi nrw

Scheme owner

TÜV NORD CERT GmbH

Scope

Generic

Type of criteria

National certification criteria

Applicability of the scheme

Controllers and processors

Certification as tool for transfers

Julkaisematon

List of documents assessed by the EDPB

Trusted Site Data Privacy Criteria Catalogue for Inspecting the Conformity of an IT Solution with the European General Data Protection Regulation Version 2.12 from 19.03.2025

Date of national decision

06 toukokuu 2026

Relevant topics

Certification

Lexing GDPR certification

19 January 2026

Scheme owner

Lexing

Scope

Generic

Type of criteria

National certification criteria

Applicability of the scheme

Controllers

Certification as tool for transfers

Julkaisematon

List of documents assessed by the EDPB

Lexing GDPR certification criteria V.4.1.pdf
Annex 5 Concordance table between GDPR articles and Lexing certification criteria V02.1.pdf

BDO Austria GmbH Certification Criteria

12 August 2025

Scheme owner

BDO Austria GmbH

Scope

Generic

Type of criteria

National certification criteria

Applicability of the scheme

Controllers and processors

Certification as tool for transfers

Julkaisematon

List of documents assessed by the EDPB

Certification Criteria_BDO Consulting GmbH_V3.8_EN
BDO Application Form and ToE - Version 1.2 EN

BC 5701:2024

11 February 2025

Scheme owner

Brand Compliance B.V.

Scope

Generic

Type of criteria

EU Data Protection Seal

Applicability of the scheme

Data controllers and processors

Certification as tool for transfers

Julkaisematon

List of documents assessed by the EDPB

GDPR Certification Standard and Criteria, BC 5701:2024, Version 0.7

DSGVO-information privacy standard

10 February 2025

de/hb

Scheme owner

Datenschutz cert GmbH

Scope

IT-supported processing operations

Type of criteria

National certification criteria

Applicability of the scheme

Data controllers and processors in Germany

Certification as tool for transfers

Julkaisematon

List of documents assessed by the EDPB

Catalogue of Criteria for the Certification of IT-supported Processing of Personal Data pursuant to Art. 42 GDPR (‘GDPR – information privacy standard’), Version 0.9.7

DSGVO-zt GmbH Certification criteria

10 February 2025

Scheme owner

DSGVO-zt GmbH

Scope

Generic

Type of criteria

National certification criteria

Applicability of the scheme

Controllers

Certification as tool for transfers

Julkaisematon

List of documents assessed by the EDPB

Certification criteria Basic module, Version 1.5
Annex I to the General Certification Criteria concerning the TOMs – Technical and Organisational Measures, Version 1.3
Attachment to Annex I to the General Certification Criteria concerning the TOMs – Technical and Organisational Measures Certification requirements, Version 1.3

EuroPriSe European Privacy Seal

15 October 2024

de/ldi nrw

Scheme owner

EuroPriSe Cert GmbH

Scope

Certification of processing operations by processors in accordance with the GDPR using the EuroPriSe method

Type of criteria

EU Data Protection Seal

Applicability of the scheme

Data Processors

Certification as tool for transfers

Julkaisematon

List of documents assessed by the EDPB

Krit_Katalog_Verarbeitungsvorgange von AV_EU_EN_v1_5

AUDITOR conformity assessment

18 June 2024

de/ldi nrw

Scheme owner

Competence Centre Trusted Cloud e.V.

Scope

Certification of data processing operations conducted by a cloud service provider as processor pursuant to Article 28 GDPR, as well as limited processing operations conducted by a cloud service provider as controller

Type of criteria

National certification criteria

Applicability of the scheme

Data Processors

Certification as tool for transfers

Julkaisematon

List of documents assessed by the EDPB

01_AUDITOR ACC v_0.99_f_03.02.24_clean.docx
04_Certification Object_v0.99_c.docx

BC5701:2023

08 February 2024

Scheme owner

Brand Compliance B.V.

Scope

Generic

Type of criteria

National certification criteria

Applicability of the scheme

Controllers and processors within the Netherlands

Certification as tool for transfers

Julkaisematon

List of documents assessed by the EDPB

Certification standard BC 5701:2022 versie 1.2

GDPR-CARPA

26 January 2024

Scheme owner

LU SA

Scope

Any type of processing except:

personal data processing operations specifically targeting minors under 16 years old,
processing operations in the context of a joint controllership,
processing operations in the context of article 10 GDPR, except those that are clearly defined and regulated by Luxembourgish or European Laws and for which the CNPD is the competent supervisory authority (e.g. Loi du 1er août 2018 relative à la protection des personnes physiques à l’égard du traitement des données à caractère personnel en matière pénale ainsi qu’en matière de sécurité nationale),
processing operations of entities that have not officially designated a DPO* (article 37 GDPR). 

Type of criteria

National certification criteria

Applicability of the scheme

controllers and processors established in Luxembourg

Certification as tool for transfers

Julkaisematon

List of documents assessed by the EDPB

LU SA – GDPR-CARPA Certification criteria-1.docx