Data protection

Luxembourg delivers first GDPR accreditation

The national commission for data protection granted its first accreditation on 12 October. Fonds Belval

The national commission for data protection granted its first accreditation on 12 October. Fonds Belval

The national commission for data protection has become the first data protection authority in Europe to accredit a GDPR certification body.

On 12 October, Luxembourg’s national commission for data protection accredited the entity EY PFS Solutions via its certification mechanism, GDPR-CARPA (General Data Protection Regulation-Certified Assurance Report-Based Processing Activities). The mechanism is the first to be adopted on a national and international level under the GDPR. Accreditation criteria are based on audits and quality control.

Thanks to the accreditation, EY PFS Solutions can now issue GDPR certifications for five years.

Why is GDPR important?

GDPR is a privacy and security law that regulates how organisations target or collect data related to people in the EU. It outlines how organisations must protect and handle data in a secure manner, and details new privacy rights to give people more control over the data they loan to organisations.

With a GDPR certification, companies, public authorities, associations and other organisations can show that their data processing activities comply with the GDPR.

Implementing the certification mechanism can promote transparency and compliance. It also allows businesses and individuals to better evaluate the level of protection offered by products, services, processes or systems used or offered by the organisations that process their personal data. These entities therefore benefit from an independent certificate to demonstrate that their data processing operations comply with EU regulations.