Privacy

EU Data Protection Compliance with ePrivacy

Becky Doles

ePrivacysealWith all of the recent data protection developments around the Safe Harbor, and news of a revised EU data protection law being finalized this year in Europe, it’s a good time to revisit and review your EU data protection compliance.

This is particularly true for countries with unique privacy requirements, like Germany. Germany has one of the strictest privacy laws on the planet, which is why when TUNE began the process to get MobileAppTracking (now, Attribution Analytics) certified under Germany’s privacy law, we turned to the experts—ePrivacy GmbH. In this blog post, we chat with Christoph Bauer and Katherina Omeltschenko to learn more about the ePrivacy certification, what’s involved, and the benefits for companies doing business in Germany.

Why do you think the ePrivacy seal is important for companies doing business in Germany?

Certifications are a great way to show compliance and commitment to your industry. Not only in Germany, but everywhere else in business it is important to build trust—trust both as a customer or as a business partner. Germany is well known for very high requirements regarding data protection and data security in the world. Doing business in Germany requires compliance to high standards, and this is what we help companies with. We not only certify companies that are compliant , but we also support our customers on improvements during the audit.

How do the EU requirements differ from the U.S. requirements?

As we have seen from the Safe Harbor case, in Germany and generally in Europe, the requirements are fundamentally different from those in the U.S. The data protection in the U.S. is much more freely regulated juridically by laws or comparable regulations. Europe and the U.S. simply pursue other strategies with the subject of data protection. In Europe and Germany, general principles and several laws regulate the data protection at the same time and for everybody equally (including more specific laws).

Our certification process contains five steps:

  1. We clarify the requirements which are in general data privacy compliance of the products—the data proceeding process and transparency within the user and customer communication. The goal of the certification is to ensure active data privacy which gives a company a competitive advantage and can be used in marketing and customer relations. We talk with our customers about the requirements and the legal situation in Europe, so we are on the same page.
  2. We start the analysis of the product in separate technical and legal evaluations. Therefore, we need documentations and insight in the processes of data proceeding.
  3. When we have all the needed information we give our customer feedback, support and time for optimization. This step is needed as we want to make sure the company meets the legal requirements and does not fail the final evaluation.
  4. We finalize the evaluation and both the legal and the technical reports, which may contain further requirements and recommendations.
  5. We award the seal, which is valid for two years. The reports and the certificate can gladly be used for external communications as with privacy authorities, websites, and main customers.

What are the general challenges and benefits clients see from the ePrivacy certification process?

We have noticed that the challenge is often to provide us with all the needed information from fear of disclosing too many “company secrets“. We certainly are working with many different companies, often competitors, but we have a very safe way of handling client data ourselves: We only look at the data protection topics and nothing else, so we are not interested in the business knowhow. It is only your data proceeding process we want to take a look at. And we only can support and audit companies sufficiently if they trust us and give us genuine insight. In this way we can award our seal, work efficiently, and learn from all the different perspectives. And this is something that benefits everyone: from the users, as we can assure a high market standard of privacy; to our customers, as they can be sure they meet all the legal requirements; to business partners, as they can be at peace about working together with companies we have certified. The ePrivacy Criteria Catalogue is also publicly accessible and can be downloaded on our webpage.

What is the value companies ultimately get from integrating the seal?

ePrivacy is a very well known certification provider, but our customers value additionally our “German efficiency“ and the thoroughness we put into our work and the audits. We are simply not into “quick and dirty“. We bring together very solid technical and legal professionals to make sure we get secure results in our audits. The other day, we received feedback from one of our customers about how our detailed process really makes a difference and how they could receive the acceptance of a tender after showing our seal multiple times already. This makes us proud and shows that we are on the right path. As our criteria catalogues are publicly accessible and show precisely how we work and how high our standards are—we provide a high level of transparency. As far as I know, we are one the very few certification providers that disclose their criteria and their certification process. So it is easy for everyone to compare the standards and to forward the catalogue, the reports, and the certification in case it is needed. And to have a bundle of official documents from accredited legal and technical experts on hand, showing the compliance of your company, makes dealing with legal authorities and business partners much easier, safes costs and you can feel confident knowing all is in the very best order.

Like this article? Sign up for our blog digest emails

Author
Becky Doles

Becky is the Senior Content Marketing Manager at TUNE. Before TUNE, she led a variety of marketing and communications projects at San Francisco startups. Becky received her bachelor's degree in English from Wake Forest University. After living nearly a decade in San Francisco and Seattle, she has returned to her home of Charleston, SC, where you can find her enjoying the sun and salt water with her family.

Leave a Reply