Presentation is loading. Please wait.

Presentation is loading. Please wait.

Monika W ó jtowicz, LL.M. European Privacy Seal Certification of evaluators and the application procedure from the perspective of an EuroPriSe evaluator.

Published byLogan Dean Modified over 8 years ago

Similar presentations

Presentation on theme: "Monika W ó jtowicz, LL.M. European Privacy Seal Certification of evaluators and the application procedure from the perspective of an EuroPriSe evaluator."— Presentation transcript:

1 Monika W ó jtowicz, LL.M. European Privacy Seal Certification of evaluators and the application procedure from the perspective of an EuroPriSe evaluator

2 1 EuroPriSe Expert Admission Procedure - Objectives-  Admission procedure ensures:  quality, consistency and comparability of evaluation results  independence and reliability of experts © TÜV Informationstechnik GmbH – Member of TÜV NORD GROUP114.02.2014

3  Proof of qualification: legal and/or technical  Self-declaration  Training and work specimens  Workshop & training evaluation  Proof of reliability and independence  Self-declaration  Admittance by certification body  Agreement EuroPriSe Expert Admission Procedure - Requirements- © TÜV Informationstechnik GmbH – Member of TÜV NORD GROUP14.02.20142

4  Self-declaration from applying experts with respect to proficiency  General professional experience  Three years with higher education or five years without higher education  Sufficient professional experience in auditing, assessing or evaluation related to privacy and data protection, either on legal or on technical aspects  Legal experts additionally: higher education (e.g. bachelor, master, diploma) in law EuroPriSe Expert Admission Procedure - Proof of qualification - © TÜV Informationstechnik GmbH – Member of TÜV NORD GROUP14.02.20143

5  Self-declaration from applying experts with respect to independence, reliability and liability insurance coverage  Reliability  A potential expert is not reliable if he or she has been convicted of major crimes including fraud and forgery of documents as well as breaking regulations on data protection or if he or she lives in unsatisfactory financial circumstances (such as current insolvency proceedings) or has been dismissed as an expert by an accreditation body before.  Independence  An expert lacks independence respective the seal-applicant if he or she is not independent with respect to the evaluation assessments (e.g. due to involvement in the development process of the evaluated object or because of directives from employers or clients) or if the total revenue derived from the client totals to 80% or more of the overall revenue of the expert or his or her employer.  A declaration of independence is required for each individual evaluation. EuroPriSe Expert Admission Procedure - Proof of reliability and independence - © TÜV Informationstechnik GmbH – Member of TÜV NORD GROUP14.02.20144

6  To get accustomed to the evaluation scheme and the report templates  To get a feeling on the complexity of the scheme (time, effort)  To get familiar with EuroPriSe procedures and criteria  To receive a tutorial for real-case evaluations including a training evaluation on an exercise IT product or IT-based service EuroPriSe Expert Admission Procedure - Expert-Workshop objectives - © TÜV Informationstechnik GmbH – Member of TÜV NORD GROUP14.02.20145

7  EuroPriSe Criteria  EuroPriSe Commentary for Experts  lists the criteria and relevant questions  Commentary on interpretation of criteria (European Court rulings, WP29)  provides additional hints for EuroPriSe Experts (in particular on how to write an evaluation report)  EuroPriSe Manual  Information on how to conduct an evaluation and on evaluation reports  Templates  Confidential Report  Public Report EuroPriSe Expert Admission Procedure - Workshop – procedures, criteria and documents - © TÜV Informationstechnik GmbH – Member of TÜV NORD GROUP14.02.20146

8  Group training on:  How to find out the Target of Evaluation (ToE)  How to start an evaluation  Discussion of the first evaluation results  Presentation of sample cases of evaluation and ToE-examples Subsequent to the Workshop: Compilation of training evaluation at home EuroPriSe Expert Admission Procedure - Workshop – training evaluation - © TÜV Informationstechnik GmbH – Member of TÜV NORD GROUP14.02.20147

9  Step 1: Definition of a Target of Evaluation and analysis of its environment  all types of data  data flow  ToE components  architecture  intended environment of operation and the area of application, (relevant for the regulatory analysis)  single processes  all interfaces  Step 2: Selection of the applicable criteria  Due to regulatory analysis  Legal experts - sets 1, 2 and 4, Technical experts - sets 1, 3 and 4 of the criteria catalog  Step 3: Evaluation with respect to selected criteria  Decide and explain whether and why criteria requirements are met  Step 4: Compilation of a comprehensive report  Content: Steps 1-3 and final evaluation results EuroPriSe Expert Admission Procedure - Homework – steps to take - © TÜV Informationstechnik GmbH – Member of TÜV NORD GROUP14.02.20148

10  Set 1. Fundamentals, e.g. purpose, avoidance, transparency  Set 2. Legitimacy of Data Processing e.g. legal basis  Legal Basis for the Processing of Personal / Sensitive / Traffic and Location Data  Special Requirements to Different Processing Phases  Compliance with Data Protection Principles and Data Protection Duties  Special Types of Processing Operations  Formalities  Set 3. Technical-Organisational Measures  general e.g. unauthorised access  Specific, e.g. encryption  Set 4. Data Subjects’ Rights EuroPriSe Admission Procedure - Homework – criteria sets - © TÜV Informationstechnik GmbH – Member of TÜV NORD GROUP14.02.20149

11  10-15 pages  Time effort about 16 h  Time limit for the conduction of training report: 4 weeks EuroPriSe Expert Admission Procedure - Homework – requirements - © TÜV Informationstechnik GmbH – Member of TÜV NORD GROUP14.02.201410

12 The EuroPriSe Expert Register listing all admitted experts is available at: https://www.european-privacy-seal.eu/ws/EPS-en/Register-of-experts EuroPriSe Expert Admission - Expert Register - © TÜV Informationstechnik GmbH – Member of TÜV NORD GROUP14.02.201411

13  Admission is granted for three years  Prolongation:  successfull conduction of EuroPriSe evaluation or  participation in a EuroPriSe Expert enhancement workshop EuroPriSe Expert Admission - Validity - © TÜV Informationstechnik GmbH – Member of TÜV NORD GROUP14.02.201412

14  Repetition and self-assessement of required data protection knowledge  Feedback from the certification body on the training evaluation report  First practical experience on EuroPriSe cerification scheme  Planning reliability - feeling about the complexity of the scheme (time, effort) before the first real evaluation EuroPriSe Expert Admission Procedure - Benefit for experts- © TÜV Informationstechnik GmbH – Member of TÜV NORD GROUP14.02.201413

15 TÜV Informationstechnik GmbH Member of TÜV NORD GROUP Monika Wójtowicz, LL.M. IT-Security Head of Data Protection Evaluation Center (Legal) Langemarckstr. 20 45141 Essen Telefon:+49 201 8999 – 535 Telefax:+49 201 8999 – 544 E-Mail:m.wojtowicz@tuvit.de URL:www.tuvit.de Thank you very much for your attention! © TÜV Informationstechnik GmbH – Member of TÜV NORD GROUP14.02.201414

Download ppt "Monika W ó jtowicz, LL.M. European Privacy Seal Certification of evaluators and the application procedure from the perspective of an EuroPriSe evaluator."

Similar presentations

ENQA seminar: Programme oriented and institutional oriented approaches to quality assurance - New developments and mixed approaches Berlin, 13/14 June.

ENQA seminar: Programme oriented and institutional oriented approaches to quality assurance - New developments and mixed approaches Berlin, 13/14 June.
Chapter 6 Process and Procedures of Testing

Chapter 6 Process and Procedures of Testing
AUDIT IN PUBLIC ADMINISTRATION Assoc. Prof. Dr. Recai AKYEL President of the TCA 04 JUNE 2013 TIRANA/ALBANIA.

AUDIT IN PUBLIC ADMINISTRATION Assoc. Prof. Dr. Recai AKYEL President of the TCA 04 JUNE 2013 TIRANA/ALBANIA.
The New TNI Laboratory Accreditation Standards Requirements for an Accreditation Body.

The New TNI Laboratory Accreditation Standards Requirements for an Accreditation Body.
ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.

ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.
Enhancing Data Quality of Distributive Trade Statistics Workshop for African countries on the Implementation of International Recommendations for Distributive.

Enhancing Data Quality of Distributive Trade Statistics Workshop for African countries on the Implementation of International Recommendations for Distributive.
Legal Executives By Lisa Incledon. Legal Executives Qualified lawyer Normally specialising in a particular area of law To be a fully qualified ‘Legal.

Legal Executives By Lisa Incledon. Legal Executives Qualified lawyer Normally specialising in a particular area of law To be a fully qualified ‘Legal.
Spring Conference of the European Privacy Commissioners 2002 in Bonn 1 Privacy Protection Audit/Seal of Quality - Practical Experience Dr. Helmut Bäumler.

Spring Conference of the European Privacy Commissioners 2002 in Bonn 1 Privacy Protection Audit/Seal of Quality - Practical Experience Dr. Helmut Bäumler.
EMS Auditing Definitions

EMS Auditing Definitions
9.401 Auditing Chapter 1 Introduction. Definition of Auditing The accumulation and evaluation The accumulation and evaluation Of evidence about information.

9.401 Auditing Chapter 1 Introduction. Definition of Auditing The accumulation and evaluation The accumulation and evaluation Of evidence about information.
Quality evaluation and improvement for Internal Audit

Quality evaluation and improvement for Internal Audit
The Information Systems Audit Process

The Information Systems Audit Process
SAFA- IFAC Regional SMP Forum

SAFA- IFAC Regional SMP Forum
EVALUATION AND QUALITY ASSURANCE STRATEGY PRESENTED BY DR SHYAM PATIAR.

EVALUATION AND QUALITY ASSURANCE STRATEGY PRESENTED BY DR SHYAM PATIAR.
1 Human resources management in NSOs Training workshop for SADC member states. Luanda, 2-6 Dec 2006 Olav Ljones, Deputy Director General, Statistics Norway.

1 Human resources management in NSOs Training workshop for SADC member states. Luanda, 2-6 Dec 2006 Olav Ljones, Deputy Director General, Statistics Norway.
Standards and Guidelines for Quality Assurance in the European

Standards and Guidelines for Quality Assurance in the European
Exemptions and the Public Interest Test Louise Townsend - Masons.

Exemptions and the Public Interest Test Louise Townsend - Masons.
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
Clinical Research Conference 2012 Legal, Ethical, and Social Dimensions of Clinical Research Takis Vidalis, Ph. D., Hellenic National Bioethics Commission.

Clinical Research Conference 2012 Legal, Ethical, and Social Dimensions of Clinical Research Takis Vidalis, Ph. D., Hellenic National Bioethics Commission.

Similar presentations

Ads by Google