Prepare your Certification

To prepare for a successful certification, here is some advice:

  • Commit to personal data protection and communicate your commitment (Privacy Pact).
  • Designate a Data Protection Officer and make him/her easily reachable by the public and by your National Supervisory Authority.
  • Inventory and document your processing activities.
  • Check the lawfulness of your data processing activity.
    (If based on consent, make sure that consent is informed, free, clearly expressed, and received before processing the data.)
  • Assess the risks for the rights and freedoms of data subjects and, if applicable, perform a Data Protection Impact Assessment (DPIA).
  • Minimise the personal data collection, processing, access and period of retention.
  • Secure the data processing with appropriate technological and organisational measures.
  • Adopt an adequate data protection policy, rules and procedures, including for access control, backups and data retention period, data subject rights, Processors and cross-border transfers of personal data.
  • Communicate your data protection policy and procedures.
  • Record and document the exercise of data subjects' rights.
  • Record and document any data breaches and your reaction.
  • Regularly check your technical and organisational measures and update your risk assessment.
  • At least once a year, perform a top management review of the internal audit results and risk assessment. Top management should adopt a specific action plan addressing the identified weaknesses.