Major Change in International Data Transfers: GDPR Certification Goes Global with Europrivacy

LUXEMBOURG, April 20, 2026 /CNW/ -- The European Data Protection Board (EDPB) took two major decisions that will facilitate international data transfers, while enhancing personal data protection: It approved the extension of Europrivacy, the European Data Protection Seal of the General Data Protection Regulation (GDPR), to be used in non-European countries. It also approved a specific version of Europrivacy criteria to be used as a mechanism for international data transfers under Art. 46 GDPR. 

GDPR Certification Goes Global

The first EDPB decision authorises the use of Europrivacy certification outside Europe. Europrivacy was already approved to serve as European Data Protection Seal under Article 42 GDPR by companies established in EU and EEA countries. This decision enables companies subject to the GDPR worldwide to use this mechanism to demonstrate compliance of their data processing activities. 

A New Mechanism for International Data Transfers

EDPB also approved a specific version of Europrivacy certification criteria, which may be used, in accordance with Article 46 GDPR, as part of appropriate safeguards for international data transfers. This marks an important step in operationalising certification mechanisms for cross-border data flows. In practice, it will support companies acting as data importers outside the EEA in demonstrating compliance with GDPR requirements, provided that binding and enforceable commitments are in place. This development strengthens legal certainty and promotes trust in international data transfers. 

Impact on Data Transfers

International data transfers face growing data protection obligations. The GDPR references certification 73 times. Through independent assessments and audits, it supports compliance and data transfers. Early European adopters report it enabled them to:  

• Check and demonstrate compliance;
• Reduce risks and enhance trust;
• Simplify compliance and save associated costs;
• Value compliance and turn it into a source of competitive advantages and revenues;
• Facilitate data transfers.

Moreover, Europrivacy enables companies to:

• Extend compliance assessment to non-EU jurisdictions;
• Access online resources to support compliance and certification;
• Benefit from a global ecosystem of service providers.

Towards International Data Protection Certification

By making the GDPR mechanism accessible to other countries, EDPB addresses the growing need for reliable ways to demonstrate cross-border data protection compliance. Interprivacy, the international data protection certification scheme, approved by the IAF for global use, aligns with Europrivacy. They complement each other to support a digital economy respectful of individual rights and freedoms.

Useful links

• Europrivacy: europrivacy.org 
• ECCP: eccpcenter.org
• EDPB: edpb.europa.eu 
• EDPB Opinion 1
• EDPB Opinion 2
• Webinar May 5^th: academy.europrivacy.com/events/gdpr-certification-goes-global 

SOURCE European Centre for Certification and Privacy

[email protected]