Make sure your service or product can be certified

EuroPriSe Maturity Test

Before a EuroPriSe Certification you need a Maturity Test
Key Reasons Why Over 15,000 Clients Choose 2B Advice

Satisfaction Guaranteed

You won’t be disappointed

100%

Customizable

1,000

Successful Projects

35

Countries Covered

Your Needs Solved

…instead of just a piece of software

450

Data Protection Officers

Security

Not Just Privacy

26,000

Processing Activities

Unique Expertise

We are with you from A to Z

45,000

Trainings Delivered

20

Years in Business

EuroPriSe

Certifies Your Privacy

Since 2003

We are one of the providers with the longest experience in the market

International Team

Our data protection expertise is transnational and we work internationally

ISO Certified

2B Advice is ISO/IEC 27001:2017 Certified

Privacy Impact Assessment

2B Advice has been named a Sample Vendor in four different Gartner Hype Cycles (Cyber Risk Management, Data Security, Privacy, Legal and Compliance Technologies)

Top 5 % Employer

Received the prestigious award from kununu, one of the leading European platforms for employer evaluation.

Maturity Assessment according to EuroPriSe

Prior to the actual certification phase, EuroPriSe requires organisations interested in certification to perform certain tasks during a preparatory phase. This is referred to as a maturity assessment. Legal and technical data protection experts who are familiar with the relevant requirements are trained to assist the certification customer with these tasks efficiently.

Target of Evaluation

Target of Evaluation (ToE) Scoping 

The ToE is the concrete object of the legal and technical evaluation and, if the evaluation succeeds, of the certification granted. An accurate and precise description of the ToE is a fundamental prerequisite for a certification procedure, as it defines in detail what the certification covers.

A ToE description according to EuroPriSe shall consist of essential characteristics, such as:  

  • Relevant processes/functionalities and the associated processing operations;
  • Purpose(s) pursued by the processing operations in each case;
  • Categories of data subjects and categories of personal data concerned;
  • Technical systems (software, hardware, infrastructure);
  • Transfers to third countries (if applicable).

Data Protection specific Risk Analysis

Certification customers shall carry out a risk analysis on the ToE and document the results. In doing so, they shall focus on the risks to the data subjects concerned. Within the risk analysis framework:

  • All risks from the perspective of the data subjects must be identified for the following protection goals:
      • Data minimisation,
      • Availability,
      • Integrity,
      • Confidentiality,
      • Unlinkability,
      • Transparency,
      • Intervenability,
      • Resilience;
  • The risks must be assessed in terms of their likelihood and impact;
  • The risks must be compared with the technical and organisational measures implemented to minimise them.

Document Review

In this phase the activities include:

  • Identification of the types of documents required for certification;
  • Checking whether the relevant documents are already available, complete, understandable and up to date.

Required documents include legal and technical ones (e.g., records of processing activities (RoPA), relevant contracts (such as DPAs), and descriptions of implemented technical and organisational measures (TOM)). 

Analysis

Regulatory Analysis 

Regulatory analysis means analysing the applicable legislation and listing all relevant statutory provisions at EU and, where applicable, national level, as well as relevant court rulings and guidelines or other interpretative guidance from data protection supervisory authorities.

 

Analysis of the Technical State-of-the-Art 

In this phase, it is necessary to analyse the applicable technical state-of-the-art for the ToE and to document the results (in this respect, EuroPriSe is guided in particular by the document “Guideline ‘State of the Art’” by ENISA and TeleTrusT).

Requirement Profile

This phase requires identifying and listing the requirements of the relevant EuroPriSe criteria catalogue that apply to the ToE (if the target of evaluation includes several processing operations to which different requirements apply, distinct requirement profiles must be established).

Note: Not all requirements are always applicable. For example, some requirements only apply if special categories of personal data are processed within the scope of the ToE or if the ToE involves a transfer of personal data to third countries. 

Cursory Review – identifying Showstoppers

This is an assessment of whether the ToE can in principle be regarded as certifiable, taking into account the applicable criteria of the respective criteria catalogue. The purpose of this review is to identify obvious violations of the law and security deficiencies (showstoppers from both a legal and a technical perspective) in advance of a certification procedure, so that the customer can remedy them before submitting the application for certification to the certification body.

GDPR FAQs?

The European Privacy Seal (EuroPriSe) is a well-respected certification that demonstrates to your clients that you take data privacy seriously and comply with EU data protection laws.
