Technical Standard related to personal data protection

Sep. 3 2018

This Technical Standard has been developed with the input of data protection specialists and is based upon 30 years’ experience of best practice procedures for organizational management.

Technical Standard related to personal data protection

Target GDPR compliance by implementing Bureau Veritas' free Technical Standard for data protection
Protect your brand and demonstrate digital responsibility 
The regulation requires organizations to assume full liability for the data they control or process, so that they must define related processes and allocate internal resources and skills to ensure optimal personal data protection (the principle of accountability).
Demonstrating that the processing operations carried out by data controllers or processors and their subcontractors and service suppliers comply with the Regulation constitutes a key challenge for companies in terms of brand reputation and image, the penalties that may be incurred as well as in terms of competitiveness.

Hence the development of this certification scheme has been initiated to enable companies to demonstrate their compliance with these new obligations.

The purpose of this certification scheme is to define the technical, organizational and documentary provisions related to accountability requirements as defined in the Regulation: Accountability is a new principle of liability which requires companies to be able to justify all the control and monitoring system set up to ensure personal data protection compliance. This Technical Standard has been developed with the input of data protection specialists and is based upon 30 years’ experience of best practice procedures for organizational management.

•     Applicable to data controllers and data processors
•     Aligned with standardized management system approach to simplify implementation


•    Increase market credibility and protect your reputation
•    Build trust with staff, stakeholders, and customers
•    Prove due diligence on data protection to the authorities

To learn more about our services, please contact us today


Your personal data are collected by Bureau Veritas Services, simplified joint-stock company, having its registered office at 8 Cours du Triangle, 92800 PUTEAUX, France, and are subject to computer processing in order to respond to questions from the media about the Group or its subsidiaries on the basis of your consent, and to respond to customer complaints, on the basis of the service contract that you have entered into with a subsidiary of Bureau Veritas.

Your personal data are intended for the Certification service line or the Quality, Health & Safety and Environment department of the Bureau Veritas Group, depending on the nature of your request, and for their service providers, providing consulting and technical services as well as for the Bureau Veritas IT department. They will be retained for a period of one year for media requests and ten years for customer complaints from your request.

Your personal data can be transferred outside the European Union, in countries where Bureau Veritas subsidiaries operate, on the basis of standard contractual clauses established by the European Commission, available on request, by writing to: https://personaldataprotection.bureauveritas.com.

Fields marked with an asterisk must be filled in. Otherwise, Bureau Veritas Services would not be able to answer your questions and/or complaints.

In accordance with the French Data Protection Act of 6 January 1978 as amended and the General Data Protection Regulation of 27 April 2016, you have the right to access, rectify and erase any personal data concerning you, as well as the right to limit the processing, the right to oppose to the processing or the right to portability of your personal data. You have the right to withdraw your consent at any time by connecting to the site https://personaldataprotection.bureauveritas.com and unchecking the box dedicated to the collection of your consent. You also have the right to set out general and specific guidelines that define how you intend these rights to be exercised after your death. You can exercise your rights online to lodge a complaint to the Commission Nationale Informatique et Libertés (CNIL) in France or the relevant authorities in your country.