How does it work?
You will receive the certificate and you may use the Privacy Verified logo if, for example, your data processing agreement and/or privacy statement is GDPR compliant. To achieve this, we will draft a processing agreement and/or privacy statement for you, or check your current documents. We will visualize these documents to make them readable and practical. Drafting or reviewing the documents is always customized. It will be tailored to your specific organization and industry.
1. Drafting or checking documents
The process begins with the drafting of a customized data processing agreement or privacy statement. It is also possible to have existing documents checked. Our privacy experts check how personal data are processed and what information and/or agreements are necessary for the documents. On the basis of this, the document in question is drawn up so that it fits in with your organization’s working methods.
2. Visualizing documents
The second step is the visualization of the document. This means that the legal context is visualized as much as possible so that it is clear to any reader how personal data is processed and what the most important agreements are. This makes the document practical and readable, and prevents interested parties from having to dig through long legal texts to check how you safeguard privacy.
Once the document is drafted and visualized, the certification takes place. By including all required points in the documents, and thus translating the working method into practice within the document, you will be in possession of a GDPR-compliant document. Within this document we include our certification, so when you share the document it is immediately demonstrable that an external party has performed a check on this.
The certified documents are updated in response to relevant legislative changes. In addition, after each year a short evaluation and review takes place to see if there are any changes in the working method that need to be implemented in the documents. If changes are made in the meantime, these can always be implemented in consultation.
Is this a GDPR certificate, as referred to in Article 42 of the GDPR?
No GDPR certificates, as referred to in the GDPR, are being issued in the Netherlands yet. There are currently no accredited certification bodies. Privacy Verified is therefore not a GDPR certificate, but an extremely suitable way to test whether your working method complies with the GDPR. The various processes are tested against the requirements of the relevant privacy laws and regulations. The Privacy Verified Enterprise program goes even further and tests the entire organization.
We currently do not know exactly how our product or process will be organised. Is Privacy Verified suitable for us?
This is the perfect time to have such a test carried out. When a privacy check is carried out after a product or process has been set up, it often costs money and time to implement certain changes. We therefore always recommend performing a privacy check in the initial phases of development, if possible.
Can any of the Privacy Verified programs serve as a DPIA (also known as a Data Protection Impact Assessment)?
Definitely. The Extended program is equivalent to a DPIA. A legally required DPIA has no mandatory established format. A number of matters must be assessed by means of a DPIA, such as the necessity of processing personal data. These topics are also included in the Privacy Verified Extended program.
How long do certification processes take?
This depends on the cooperation of the participant. Apart from the tasks and advice generated during the inventory, input from participants is also required. This includes insights into the generated documents, demo accounts for certain services for them to assess, or the availability to conduct conversations with the right people within an organization. A Basic certification can be completed within a week after the documents have been uploaded by the participant. We estimate three weeks for the Extended program, and two months for the Enterprise program.
How can my associates check whether my certificate is valid?
All participants in the Privacy Verified programme are included in our register. This register is made publicly available and indicates the type of certification, the status, as well as the renewal date.
Am I required to place the Privacy Verified logo and certification on my website?
No, you are not obliged to. If you do not wish to place the logo and URL of your certificate on your website, you can of course choose to mention the certification in your terms & conditions or, for example, on your “About us” page.
What does chain certification mean?
This means that all branches in the chain can be affiliated with Privacy Verified. Imagine that you are using a hosting provider for your web shop. You can agree with the hosting provider for them to offer guarantees regarding privacy. However, you do not know how this is arranged at the data center with which the hosting provider has previously made an agreement. In order to make the entire chain privacy-proof, Privacy Verified is devoted to chain certification. Essential GDPR standards have been established for various sectors. For example, the focus is set on what needs to be properly arranged per sector, and specific tests are carried out against these standards. The aim is to make the sharing of data within the chain privacy-proof and to make this standard recognizable at a glance.
What if I need help or additional advice?
If you need additional support or advice, you can request this at the reduced rate of € 170.00 per hour.
What is the security report, ICTRecht Security Scan?
Your website is scanned every week and continuously monitored for identified security threats. ICTRecht Security Scan is free of charge and included with Privacy Verified Extended and Enterprise.
I already have an ISO or NEN certification. Does Privacy Verified have any added value?
The Privacy Verified certification program specifically focuses on the legal requirements that are essential to your organization, and on how these requirements can be implemented in a practical way. It goes beyond whether certain processes are present within the organization. Privacy Verified assesses whether the GDPR is actually being complied with, based on standard frameworks that have been made sector-specific. Law is combined with technology. It goes further than the existing processes and provides answers as to how, and in what way, the GDPR is being complied with. For example, we view the website as the regulator would. It is therefore an indispensable addition to an ISO or NEN certification.
With which support organizations does Privacy Verified collaborate?
In order to market a service that really relates to the various branches, Privacy Verified has entered into a partnership with various branch associations. We work together with the following industry associations:
- Thuiswinkel Waarborg
- Dutch Laravel Foundation
- Dutch Hosting Provider Association
- Dutch Data Center Association
How is independence being guaranteed?
To ensure that certification takes place independently, we work together with Stichting Certificering (the Certification Foundation). This means that the Privacy Verified team executes the legal check and that the certificate is issued by Stichting Certificering.
Would you like to know more about Privacy Verified?
Do you need a customized GDPR check? We would like to get in touch with you in order to organize and manage privacy within your organization as thoroughly as possible. This way we can ensure that privacy works for your organization, and not the other way around.