List of approved certification mechanisms
14 January 2026
The approved certification mechanisms are recognized by the CNIL as meeting the conditions set out in the French Data Protection Act or in the GDPR.
National certification mechanisms approved by the CNIL
-
Certification of the skills and knowledge of the data protection officer (DPO)
This certification is intended for individuals who wish to demonstrate that they meet the skills and requirements of the DPO under the GDPR.
This certification is voluntary: it is not required to perform the duties of DPO. Nor is it a prerequisite for being designated as DPO with the CNIL.
- Download the criteria to be fulfilled by the applicants
- More information about the certification of the skills and knowledge of the DPO (in French)
Interested in applying for certification? Contact a certification body in this list.
-
Certification of training providers in data protection
This certification is intended for organizations that wish to obtain recognition of the quality of the training they provide in the field of data protection.
This certification is voluntary: it is not required to offer training on the protection of personal data. Nor does it replace certification according to the French national quality standard (RNQ) for providers of actions contributing to the development of skills subject to this obligation. Finally, higher education institutions benefit from other recognition systems (see for example the Training Census published by SupDPO).
- Download the criteria to be fulfilled by the applicants (in French)
- More information about the certification of training providers in data protection (in French)
Interested in applying for certification? Contact a certification body in this list.
-
Lexing GDPR certification
This certification is intended for controllers established in France (from the public and private sector) and those established in another country of the European Union when their service targets or affects data subjects in France.
This certification is voluntary: it enables organisations to communicate about the level of data protection offered by their products, services, processes or data systems. It aims to demonstrate compliance with the GDPR and with the French Data Protection Act.
This certification cannot be used to transfer personal data outside the European Union.
- Download the criteria to be fulfilled by the applicants (in French)
- More information about the Lexing GDPR certification (in French)
Application is not possible at the moment: no certification body has been accredited yet.
European certification mechanisms approved by the EDPB
-
Europrivacy certification
This certification is intended for controllers and processors established in the European Union.
This certification is voluntary: it enables organisations to communicate about the level of data protection offered by their products, services, processes or data systems. It aims to demonstrate compliance with the GDPR and with other applicable national data protection laws.
This certification cannot be used to transfer personal data outside the European Union.
Interested in applying for certification? Contact a certification body in this list.
-
Data processors certification
This certification is intended for processors established in the European Union.
This certification is voluntary: it enables organisations to communicate about the level of data protection offered by their products, services, processes or data systems. It aims to demonstrate compliance with the GDPR and with other applicable national data protection laws.
This certification cannot be used to transfer personal data outside the European Union.
- Download the criteria to be fulfilled by the applicants (in French)
- More information about the certification of data processors
Application is not possible at the moment: pending approval by the EDPB.