READ
READ MORE
DRAG
The Commission Nationale pour la Protection de Données (CNPD) has adopted the GDPR-CARPA (Certified Assurance Report-Based Processing Activities Certification Criteria) in 2022. By passing this certification, economic actors established in Luxembourg have the possibility to demonstrate that their data processing operations comply with the regulation, this certification guaranteeing a high level of compliance with RGPD.
The CNPD is the only European supervisory authority to have developed a certification scheme under RGPD. The certification has been built following numerous exchanges with the auditing actors allowing to define what would be useful for the Luxembourg ecosystem. The certification criteria have been examined by the European counterparts of the CNPD in the framework of the European consistency mechanism and have been the subject of an opinion issued by the European Data Protection Committee (EDPS).
Even if the GDPR-CARPA certification is not applicable in France for the moment, it is important today in a world where data protection is a major issue for all actors, to be able to demonstrate the compliance of one's processing processes with the GDPR becomes a commercial argument that makes the difference for the economic partners of the certified entities.
HACA Partners Luxembourg, accredited since February 2023 by the CNPD to deliver GDPR CARPA certification, is the second company to receive this accreditation in Europe. HACA Partners Luxembourg can certify specific data protection processes for data controllers and processors based on the GDPR-CARPA certification scheme under Article 42 GDPR.
The GDPR-CARPA certification mechanism is based on an ISAE 3000 Type 2 report that provides an opinion on the correct implementation of the certification criteria. This ensures a high level of trust, a key factor in building confidence in the processing of personal data covered by the certification scheme.
The validity period of a certificate is three years, subject to a successful annual audit.
Certification may be renewed provided that the relevant criteria continue to be met. Certification is withdrawn, as the case may be, by HACA Partners Luxembourg or by the competent supervisory authority if the criteria for certification are no longer met.