Privacy Verified in 3 steps

You want to know whether your organization complies with the GDPR and be able to prove this to your clients and relations? Are you curious what steps must be taken to fully comply with and continue to comply with the law? Privacy Verified will assist you.

How it works

When your organization, product or process is GDPR compliant you will receive the certificate and may showcase the Privacy Verified logo. To achieve this, we will carry out an extensive inventory, in which both the front- and back-end of your organization, product and / or process are tested. This does not only include a check of your privacy statement and security measures, but also, for example, checking your existing processing agreements. The inventory will be tailored to your organization and industry.

1. Inventory

Depending on the chosen certification program, the inventory takes place remotely or on location. A personal introduction is included with each program. One of our privacy lawyers will contact you to discuss the results of the inventory or make an appointment to coordinate the inventory with you.

2. Implementation

Based on the inventory, a task list including with points for improvement, that are based on priority, will be drafted for you. You then address these points for improvement, in collaboration with our experts. This way we are able to minimize privacy risks and eliminate them where possible.

3. Certification

Once all tasks from the inventory-list have been completed, a final check will take place. If all tasks have been properly completed, your organization is “Privacy Verified” and you will receive the certificate from ‘Stichting Certificering’. From that moment on, you may also showcase the Privacy Verified logo to the outside world, for example through your website. Also, your organization will be included in our register.

Stay Certified

The Privacy Verified certificate is valid for one year. After each year, a short evaluation and review takes place, and a check will take place whether the privacy laws and regulations applicable at that time are still being complied with. During the re-inspection after the third year, or in case of major reorganization, an extensive check will take place.


Is this a GDPR certificate, as referred to in Article 42 of the GDPR?

Currently, no GDPR-certificates, as referred to in the GDPR, are being issued in the Netherlands yet. There are currently no accredited certification bodies. Privacy Verified is therefore not a GDPR certificate, but an extremely suitable way to test whether your working method complies with the GDPR. The various processes are tested against the requirements of the relevant privacy laws and regulations. The Privacy Verified Enterprise program goes even further and tests the entire organization.

We currently do not know exactly how our product or process will be organised. Is Privacy Verified suitable for us?

This is the perfect time to have such a test carried out. When a privacy check is carried out after a product or process has been set up, it often costs money and time to implement certain changes. We therefore always recommend, if possible, to perform a privacy check in the initial phases of development.

Can any of the Privacy Verified programs serve as a DPIA (also known as a Data Protection Impact Assessment)?

Definitely. The Extended program is equivalent to a DPIA. A legally required DPIA has no mandatory established format. A number of matters must be assessed by means of a DPIA, such as the necessity of processing personal data. These topics are also included in the Privacy Verified Extended program.

How long do certification processes take?

This depends on the cooperation of the participant. Apart from the tasks and advice generated during the inventory, input from participants is also required. This includes insights into the generated documents, demo accounts for certain services for them to assess, or the availability to conduct conversations with the right people within an organization. A Basic certification can be completed within a week after the documents have been uploaded by the participant. We estimate three weeks for the Extended program, and two months for the Enterprise program.

How can my associates check whether my certificate is valid?

All participants in the Privacy Verified programme are included in our register. This register is made publicly available and indicates the type of certification, the status, as well as the renewal date.

Am I required to place the Privacy Verified logo and certification on my website?

No, you are not obliged to. If you do not wish to place the logo and URL of your certificate on your website. Alternatively, you can of course choose to mention the certification in your terms & conditions or, for example, on your “About us” page.

What does chain certification mean?

This means that all branches in the chain can be affiliated with Privacy Verified. Imagine that you are using a hosting provider for your web shop. You can agree with the hosting provider for them to offer guarantees regarding privacy. However, you do not know how this can be arranged at the data center where the hosting provider has previously made an agreement with. In order to make the entire chain privacy-proof, Privacy Verified is devoted to chain certification. Essential GDPR standards have been established for various sectors. For example, the focus is set on what requires to be properly arranged per sector, and specific tests are carried out against these standards. The aim is to make the sharing of data within the chain privacy-proof and that this standard can be recognized at a glance.

What if I need help or additional advice?

If you need additional support or advice, you can request this at the reduced rate of € 170.00 per hour.

What is the security report, ICTRecht Security Scan?

Your website is scanned every week and continuously monitored for identified security threats. ICTRecht Security Scan free of charge and included with Privacy Verified Extended and Enterprise.

What if I need help or additional advice?

If you need additional support or advice, you can request this at the reduced rate of € 170.00 per hour.

I already have an ISO or NEN certification. Does Privacy Verified have any added value?

The Privacy Verified certification program specifically focuses on the legal requirements that are essential to your organization, and on how these requirements can be implemented in a practical way. It goes beyond whether certain processes are present within the organization. Privacy Verified assesses whether the GDPR is actually being complied with, based on standard framework that have been made sector-specific. Law is combined with technology. It goes further than the existing processes and provides answers as to how, and in what way the GDPR is being complied with. For example, we view the website as the regulator would. It is therefore an indispensable addition to an ISO or NEN certification.

With which support organizations does Privacy Verified collaborate?

In order to market a service that really relates to the various branches, Privacy Verified has entered into a partnership with various branch associations. We work together with the following industry associations:

  • Thuiswinkel Waarborg
  • Dutch Laravel Foundation
  • ISPConnect
  • Dutch Hosting Provider Association
  • Dutch Data Center Association

How is independence being guaranteed?

To ensure that certification takes place independently, we work together with (the Certification Foundation) Stichting Certificering. This means that the Privacy Verified team executes the legal check and that the certificate is issued by the (Certification Foundation) Stichting Certificering.

Would you like to know more about Privacy Verified?

Do you need a customized GDPR check? We would like to get in touch with you in order to organize and manage privacy within your organization as thoroughly as possible. This way we can ensure that privacy works for your organization, and not the other way around.

Would you like to know more about Privacy Verified?

Contact one of our experts. We are happy to help you.