- Contact The DPO Centre
- +44 (0)203 797 1289
- hello@dpocentre.com
The DPO Centre marks International Women’s Day with community fundraiser
April 14, 2026
On 15 April 2026, the European Data Protection Board (EDPB) adopted Opinions 14.2026 and 15/2026, formally approving updated Europrivacy criteria under the General Data Protection RegulationRegulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). (GDPR).
This decision confirms Europrivacy as an official certification scheme and extends how organisations can use it in practice, particularly in international and multi-jurisdictional processes.
Expanding the scope of GDPR certification
Opinion 14/2026 confirms Europrivacy as a European Data Protection Seal under Article 42(5). This enables organisations to demonstrate compliance against defined GDPR criteria through an independently assessed certification framework.
The updated scope makes clear that Europrivacy is not limited to EU-based organisations. Non-EU controllers and processors that operate under the GDPR can also use the certification to evidence compliance. This is relevant for organisations offering goods or services to individuals in the EU, or monitoring their behaviour, where demonstrating accountability remains a key requirement.
Additional option for cross-border data transfers
Opinion 15/2026 also extends the framework to international data transfers under Article 46. Certification can now be used as part of the ‘appropriate safeguardsWhen transferring personal data to a third country, organisations must put in place appropriate safeguards to ensure the protection of personal data. Organisations should ensure that data subjects' rights will be respected and that the data subject has access to redress if they don't, and that the GDPR principles will be adhered to whilst the personal data is in the...’ required when transferring data outside the EU, where binding and enforceable commitments are in place. It does not replace mechanisms such as Standard Contractual Clauses (SCCs) but offers an additional option for compliant cross-border transfers, especially for organisations working with non-EU vendors.
What this means for organisations
Ben Seretny, COO at The DPO Centre explains:
‘Expanding Europrivacy as a mechanism for international transfers and allowing non-EU organisations to be certified makes it a far more attractive GDPR certification for businesses operating globally.
‘For international transfers it gives organisations another way to demonstrate that appropriate safeguards are in place, especially when working with non-EU customers and vendors across different jurisdictions.’
As regulatory expectations only continue to increase, certifications schemes like Europrivacy will likely play a growing role in how organisations manage risk and demonstrate compliance across borders.