EuroPriSe Maturity Test
- Satisfaction guaranteed: you won’t be disappointed
- 100% customizable
- 1,000 successful projects
- 35 countries covered
- Your needs solved, instead of just a piece of software
- 450 data protection officers
- Security, not just privacy
- 26,000 processing activities
- Unique expertise: we are with you from A to Z
- 45,000 trainings delivered
- 20 years in business, since 2003: we are one of the providers with the longest experience in the market
- International team: our data protection expertise is transnational and we work internationally
- Privacy Impact Assessment: 2B Advice has been named a Sample Vendor in four different Gartner Hype Cycles (Cyber Risk Management, Data Security, Privacy, Legal and Compliance Technologies)
- Top 5% employer: received the prestigious award from kununu, one of the leading European platforms for employer evaluation
- ISO 19011 certified auditor
- IAPP Gold Member
- ISO certified: 2B Advice is ISO/IEC 27001:2017 certified
- CIPP: Certified Information Privacy Professionals
Maturity Assessment according to EuroPriSe
Before the actual certification phase, EuroPriSe requires organisations interested in certification to complete certain tasks in a preparatory phase. This is referred to as a maturity assessment. Legal and technical data protection experts who are familiar with the relevant requirements can assist the certification customer with these tasks efficiently, because they know what the certification body will later ask for.
Target of Evaluation (ToE) Scoping
The ToE is the concrete object of the legal and technical evaluation and, if the evaluation is successful, of the certification granted. An accurate and precise description of the ToE is a prerequisite for the certification procedure, because it defines in detail what the certification covers (and, just as importantly, what it does not cover).
A ToE description according to EuroPriSe shall consist of essential characteristics, such as:
- Relevant processes/functionalities and the associated processing operations;
- Purpose(s) pursued by the processing operations in each case;
- Categories of data subjects and categories of personal data concerned;
- Technical systems (software, hardware, infrastructure);
- Transfers to third countries (if applicable).
Data Protection specific Risk Analysis
Certification customers shall carry out a risk analysis of the ToE and document the results. In doing so, they shall focus on the risks to the data subjects concerned, not on the business risks to the organisation itself. Within the risk analysis framework:
- All risks from the perspective of the data subjects must be identified for the following protection goals:
  - Data minimisation,
  - Availability,
  - Integrity,
  - Confidentiality,
  - Unlinkability,
  - Transparency,
  - Intervenability,
  - Resilience;
- Each risk must be assessed in terms of its likelihood and impact;
- The risks must be compared with the technical and organisational measures implemented to minimise them, so that any risk not adequately covered by a measure becomes visible.
Document Review
In this phase the activities include:
- Identification of the types of documents required for certification;
- Checking whether the relevant documents are already available, complete, understandable and up to date.
Required documents include both legal and technical ones, e.g. records of processing activities (RoPA), relevant contracts (such as data processing agreements, DPAs), and descriptions of the implemented technical and organisational measures (TOM).
Analysis
Regulatory Analysis
Regulatory analysis means analysing the applicable legislation and listing all relevant statutory provisions at EU and, where applicable, national level, as well as relevant court rulings and/or guidelines and other interpretative guidance from data protection supervisory authorities.
Analysis of the Technical State-of-the-Art
In this phase, an analysis of the technical state of the art applicable to the ToE must be conducted and its results documented (in this respect, EuroPriSe is guided in particular by the document “Guideline ‘State of the Art’” by ENISA and TeleTrusT).
Requirement Profile
This phase requires the identification and listing of the requirements of the relevant EuroPriSe criteria catalogue that apply to the ToE. If the target of evaluation includes several processing operations to which different requirements apply, a distinct requirement profile must be established for each of them.
Note: Not all requirements are always applicable. For example, some requirements only apply if special categories of personal data are processed within the scope of the ToE or if the ToE involves a transfer of personal data to third countries.
Cursory Review – identifying Showstoppers
This is an assessment of whether the ToE can in principle be regarded as certifiable, taking into account the applicable criteria of the respective criteria catalogue. The purpose of this review is to identify obvious violations of the law and security deficiencies (showstoppers from both a legal and a technical perspective) in advance of a certification procedure, so that the customer can remedy them before submitting the application for certification to the certification body.