Logo Inveo Certification

Select your language



We are a certification body accredited by Accredia (Accreditation body designated by the Italian government under Reg. 765/2008/EC) in the field of data protection activities, against the ISO/IEC 17065:2012 standard.
Accredited for voluntary, and unregulated, certification of compliance with applicable regulations, including GDPR, for ISDP©10003 (GDPR compliance assessment) and SGCMF©10002 certification schemes - compliance of pharmaceutical companies' health care professionals' records with the combined provisions of EU Reg. 2016/679 and 219/06.

The independence and expertise gained by our Lead auditors in the field, coupled with the establishment of procedures for issuing, reviewing and withdrawing certifications as well as facilities for handling complaints related to certification violations, enable INVEO CERTIFICATION to position itself as a state-of-the-art certification body.


ACCREDIA through accreditation therefore ensures that they are complied with:


Representation of all stakeholders within the body


GDPR auditors and certification/reporting committees ensure that there are no conflicts of interest with the company to be certified


Ensure that the activities of separate legal entities with which Inveo has relations, does not compromise the impartiality of its activities


Accreditation primarily certifies that the personnel engaged in verification activities are culturally, technically and professionally qualified.
Certification is an Accountability tool. The entry into force of EU Reg. 679/2016, revolutionized the concept of "Accountability" (Accountability) of the Data Controller (art.5.2) by providing the latter with new and valuable tools to support the demonstration of compliance with the regulation (art.24).
Certification is a tool to measure yourself, to optimize your internal management system and privacy system, and to demonstrate that you have become aware of your "level of personal data governance" and have implemented technical and organizational measures to comply with current data protection regulations.


Certification (Article 42 of the GDPR) is a voluntary tool for assessing and demonstrating one's compliance with the European regulation on the processing of personal data.
Article 42 identifies the obvious task that the GDPR places on member states, supervisory authorities, the committee and the commission to "encourage" the use of certification mechanisms.

Certification does not absolve controllers and supervisors from their GDPR obligations, but it is a safeguard to the data subject on compliance with processing and a mitigating factor in the event of any sanctions.

Why should I certify myself?

Because Data Controllers and/or Processors within certified products/processes and services substantiate assurances to themselves, the market and regulators.

The certification shows that the owner or responsible:
Work according to standard
Demonstrates Accountability
Demonstrates to the Supervisory Authorities that it has voluntarily performed an act of due diligence
Has safe, documented and standardized procedures.
Ensures confidence of stakeholders.


All processes of processing of personal data that the owner and manager carry out as part of the products, processes and services, made or otherwise provided, subject to the regulation of national and European privacy standards.


Aspecific Certifications

Certification schemes that (ISO 9001, ISO 25024, ISO 27001, ISO 27018, etc.) are based on international standardization standards. We can call them non-specific, precisely because of their partiality of coverage and type of accreditation required.

In any case, they represent a "best practice" for demonstrating compliance with individual processes called out by the GDPR.

Specific Certifications

Certification schemes defined from the set of provisions (articles and recitals) of the GDPR and following the obligation of certification for products, processes and services (ISO/IEC 17065).

So they are certifications that incorporate all the controls required even by the particular areas covered by the aspecific certification standards.


Certificazione 10003

GDPR Certification ISDP©10003

Created to meet the rules operational since 2018 and born out of the need to assess compliance with the GDPR. The ISDP©10003 scheme is applicable to all owners and managers within the products, processes and services, implemented or otherwise provided that want to demonstrate their Accountability and specifies the requirements for the management in fairness, security and compliance of personal data of natural persons with regard to the processing of personal data and the free movement of the same.

The outline provides principles and lines of control for a comprehensive assessment of GDPR compliance of the owner's or manager's internal processes regarding the protection of personal data with particular reference to the proper management of risks.
Certificazione Sperimentazioni cliniche

Certification of processes for handling personal data in clinical trials

The scheme stems from the need to protect the personal data of all those subjects who participate in clinical trials, aimed at discovering the effects of drugs and their adverse reactions. Indeed, in some cases, given the distance of the subjects outside the company, the circulation of information and biological samples can be quite complex and insecure.
Certificazione 10002

SGCMF©10002 Pharmaceutical Certification

SGCMF©10002 is a scheme aimed at assessing the compliance of the records of health care professionals visited by pharmaceutical companies with the combined provisions of 219/06 regulating the advertising of medicines and current data protection regulations.
Certificazione farmindustria

Farmindustria code of ethics certification

The certification aims to ensure that the system implemented by pharmaceutical companies complies with the requirements defined by the regulations and the Code. The scheme is not limited to compliance with the Code of Ethics, but obliges pharmaceutical companies to operate in full transparency and according to behavioral norms.
Would you like to get clarification on the most suitable certification path for your company?