Back to Blog

CDP Data Privacy & Security Certification Checklist for GDPR

CDPs, mostly originating from North America, do a great job of unifying customer data under one roof. However, for those marketers based in Europe or for those campaigns that breach its borders, CDPs often lack the data privacy and security compliance standards needed to operate within such stringent compliance rules as GDPR. 

This causes problems for customers and companies alike: customers care about their data, how it’s collected, stored and used so they need to feel confident that their consented data is handled with care. Meanwhile, companies that lose access to (or misuse) valuable data can result in legal implications that incur massive losses.

So while a CDP is a marketer’s best bet to pool together customer data into one single ID and activate it, if it’s missing the critical layer of data privacy compliance, it’s essentially useless.

The task of finding a CDP that ticks the right boxes may be daunting, so the following checklist outlines the privacy and security certifications your CDP needs to have to ensure your data foundation is compliant.

1. CDPs and Data Privacy 

When the General Data Protection Regulation (GDPR) came into effect in 2018, it enforced much stricter guidelines for the collection and use of personal data in the EU while its American counterpart, the California Consumer Privacy Act (CCPA), also empowered consumers. This meant that brands had to not only find a way to orchestrate consent but also prove that their practices and tools were compliant.  

To ensure that your CDP is compliant with European data privacy standards, you’ll need to watch for key privacy and consent compliance certifications such as the EU Data Protection ePrivacy Seal and IAPP and FPF corporate membership

The former indicates GDPR compliance, whilst the latter demonstrates the organisation’s participation in international memberships like the IAB Consent Framework. As a German-based company, Zeotap was certified with the ePrivacy Seal in 2016 and again in 2018, and is a key member of the IAB.

Once you’ve ticked data privacy off the list, you’re going to need to take a closer look at data security standards. 

2. CDPs and Data Security

A CDP forms the basis of your data, stitching together identities from multiple attributes and helping achieve a single and unified view of your customers. You’ll therefore need to ensure that the environment it operates in is compliant with up-to-date security regulations. The following key Information Systems certifications set the standards globally:

  • The ISO/IEC 27018 demonstrates that Personally Identifiable Information (PII) in public cloud computing environments is protected.
  • The ISO/IEC 27017:2015 and ISO/IEC 27001 ensures that an organisation’s controls-based use of cloud services is certified and promotes a safe cloud environment. 
  • To top off the data security certifications, look out for the CSA Security, Trust, Assurance and Risk (STAR).  This certification is given on successful ISO 27001 certification completion and when additional cloud-based requirements are met.

Zeotap is proud to count the ISO/IEC 27018, ISO/IEC 27017:2015, ISO/IEC 27001 and CSA Security, Trust, Assurance and Risk (STAR) as part of its accreditations.

3. Key Personnel Security and Privacy Certifications

After evaluating your CDP for privacy and data security, you now need to ensure that members of the team are up to the challenge of ensuring end-to-end compliance. The main two certifications that confirm this are:

  • (ISC)2CISSP, which proves that one or more of the team members can effectively design, implement and manage a best-in-class cybersecurity program to ensure maximum security.
  • The Certified Information Privacy Technologist (CIPT), which demonstrates a company’s commitment to privacy through its top management being IAPP Certified International Privacy Technologists.

Zeotap prides itself on the fact that our team members have achieved both the (ISC)2CISSP and Certified Information Privacy Technologist (CIPT) certifications.

How Zeotap Prioritises Privacy

Zeotap’s Customer Data Platform was built for the demanding standards of Europe with its products designed around consent and privacy. Zeotap helps brands achieve privacy-first personalisation across multiple use cases, such as personalising the user journey or cookieless ad targeting in a privacy-first world.


It’s important for businesses to consider what a CDP can do when it comes to data privacy and security. With data privacy likely to become more and more important in the coming years, the role and importance of a CDP is likely to follow a similar trend.

Interested to learn more about Europe’s leading privacy-first CDP? Reach out to our experts to get a demo.

Share this post

Related blog posts

Sign up for our newsletter

Be the first to get access to our marketing resources and keep up to date with the latest CDP best practices, privacy standards, marketing, and customer data.

Industry recognitions

Trusted by

What our customers say

Schedule a Demo

It is simple to deliver amazing customer experiences without compromising user privacy. Complete the short form, and we’ll be in touch to schedule your demo.