GDPR Certification

HACA PARTNERS has been accredited since February 2023 by the CNPD to issue GDPR CARPA Certification allowing companies to demonstrate the compliance of their processing operations with the certification criteria based on the General Data Protection Regulation (GDPR).

HACA PARTNERS is the second firm to receive the accreditation in Europe.

On top of the GDPR-CARPA certification, HACA Partners can also provide services to guide and assist you in the GDPR compliance process and/or to prepare you to be ready for GDPR-CARPA certification process (mock certification).

What HACA Partners can do for you?

HACA PARTNERS can certify specific Data Protection processes for Data Controllers and Data Processors based on the GDPR CARPA Certification Scheme under Article 42 GDPR.

The GDPR-CARPA (Certified Assurance Report-Based Processing Activities Certification Criteria) certification mechanism is based on an ISAE 3000 Type 2 report that allows for the issuing of an opinion on the correct implementation of the certification criteria. This guarantees a high level of confidence, a key factor to build trust in the processing of personal data covered by the certification scheme.

The validity period of a certificate is 3 years, subject to a successful annual audit.

The certification may be renewed, under the same conditions, provided that the relevant criteria continue to be met. Certification shall be withdrawn, as applicable, by HACA PARTNERS or by the competent supervisory authority if the criteria for the certification are no longer met.

Certification Criteria

The GDPR-CARPA certification critera are organized into 3 sections:

Section I: 

Set of criteria applying to both data controllers and processors

Contains general governance criteria

Section II: 

Set of criteria applying to data controllers

Covers data protection principles, data subjects' rights and governance criteria related to the security of processing activities

Section III: 

Set of criteria applying to data processors

Contains mainly criteria for contractual obligations (with the controller), governance of data security, subcontracting

More information about the GDPR certification scheme can be found on the CNPD website.

Certification Process

To learn more, please consult our GDPR Certification Procedure below.

GDPR Certification Procedure HACA Partners.pdf


HACA PARTNERS has designed a complaint procedure to ensure that complaints are properly investigated and are given careful and fair consideration. 

The complaints that we receive help us to better understand how we are doing and to improve. We are committed to listening to our clients, acknowledging concerns and putting things right where appropriate. We want to learn from our mistakes and improve our service.

We will treat your complaint confidentially, quickly and seriously.

If you wish to submit a complaint, please consult our Complaint Procedure.

GDPR Complaint Process HACA Partners.pdf

Should you feel that HACA PARTNERS has not addressed your concern in a satisfactory manner, you may contact the Commission Nationale pour la Protection des Données (CNPD).


15, Boulevard du Jazz

L-4370 Luxembourg

Tél. : (+352) 26 10 60 -1

Download HACA PARTNERS GDPR-CARPA related procedures

GDPR Complaint Process HACA Partners.pdf

GDPR Certification Procedure HACA Partners.pdf

Should you need further information regarding those GDPR-CARPA procedures, please contact us at