GDPR certification goes global, simplifying data transfers and compliance

The European Data Protection Board has just adopted two major opinions that will substantially facilitate international data transfers while enhancing personal data protection. It approved the extension of Europrivacy, the European Data Protection Seal of the EU General Data Protection Regulation, to be used in countries outside the EU or European Economic Area. It also approved a specific version of the Europrivacy criteria to be used as a mechanism for international data transfers under Article 46 of the GDPR.

Opening GDPR certification to the world

The first EDPB opinion (14/2026) authorizes the use of the Europrivacy certification outside of Europe. Europrivacy was previously approved to serve as a European Data Protection Seal by companies established in EU and EEA countries under Article 42. This new decision enables companies located in other countries to also request a certification demonstrating the GDPR compliance of their data processing activities.

A new mechanism for international data transfers

In its second decision (15/2026), the EDPB approved a specific version of the Europrivacy certification criteria to be used by data importers as a mechanism for international data transfers in accordance with Article 46. The data importer certification must be completed by a binding and enforceable commitment. This marks an important step in the operationalization of certification mechanisms in the context of cross-border data flows. In practice, it will enable companies acting as data importers outside the EEA to demonstrate their effective adequacy for receiving personal data from Europe. It will substantially reduce the risks and due diligence burden for all parties and strengthen legal certainty and trust in international data transfers.

A source of value creation and cost saving