Since the 19th of May 2023, Grant Thornton Audit and Assurance has been accredited by the Commission Nationale pour la Protection des Données (CNPD) to provide GDPR-CARPA certifications for organisations. As a certification body, we are authorised to certify personal data protection processing activities.

Learn about the process that would be followed for your firm to become certified.


What Grant Thornton Audit and Assurance can do for you

  • Assess whether the GDPR certification program is best suited to you
  • Benchmark your state of compliance relative to the GDPR-CARPA criteria
  • Deliver an ISAE 3000 report paired to the GDPR-CARPA criteria
  • Certify selected processing activities in line with the GDPR


Why choose Grant Thornton Luxembourg for your GDPR-CARPA certification

By choosing Grant Thornton Audit and Assurance, you obtain assurance from a firm that:

  • Is accredited by the Luxembourgish national supervisory authority
  • Benefits from extensive expertise in the data protection field
  • Is composed of multidisciplinary teams of seasoned experts, with extensive field experience in personal data protection, information security and assurance
  • Is part of a global professional services network


For more information about GDPR-CARPA, please contact

Our GDPR-CARPA Certification

GDPR-CARPA Certification Process

Grant Thornton Audit and Assurance is accredited by the CNPD to be a certification body eligible to perform GDPR-CARPA certification assessments and issue GDPR certificates following the completion of an ISAE 3000 assurance engagements for the test of design and test of operational effectiveness.

Hugues Wangen
Partner, Audit & Assurance
Hugues Wangen