FAQ
Find answers to the most frequently asked questions.
How do I find out whether my company meets the criteria for the D‑seal?
There is only one label, but the number of criteria the company has to meet will vary according to its size, use of data and IT and impact on humans, so the D‑seal is relevant to all companies from small businesses to large corporations with several thousand employees.
The D‑seal provides guidance to companies to make it easier for them to gain an overview.
To find out whether your company meets the D‑seal criteria and requirements, you can request access to the D‑seal self-evaluation tool.
See process for obtaining the D‑seal.
Which companies are eligible for the D‑seal?
The D‑seal is relevant to any type of business with a CVR-number in Denmark.
Companies can obtain the label by meeting the D‑seal requirements within data security, data protection and data ethics.
The D‑seal cannot currently be awarded to a company that does not have a CVR number in Denmark.
At the inspection stage, the activities listed under the registered CVR number will be checked.
If you have any questions about company types and setup in the self-evaluation tool, please write to contact@d-seal.eu.
Can Danish public-sector enterprises be awarded the D‑seal?
The D‑seal is not currently aimed at the public sector in Denmark. The public sector covers e.g. all bodies financed by separate grants from the national budget, including regions, municipalities, schools, courts etc.
Where do I find the criteria, and can they be downloaded?
The company can view a cut-down version of the D‑seal criteria on the D‑seal criteria page.
When the company is set up in the free self-evaluation tool, it access to the specific set of criteria and requirements applicable to it. It is also possible to download the criteria set as an Excel file. For now, the criteria set is only in Danish.
You can view the process for obtaining the D‑seal, or request access to the self-evaluation tool by writing to contact@d-seal.eu.
When will the criteria set and self-evaluation tool be available in English?
The criteria set and self-evaluation tool are already available in English, just choose your language in the upper right corner here.
How does a company self-evaluate?
The D‑seal has produced a self-assessment tool which is free of charge, in which the company can evaluate whether it meets the D‑seal criteria and requirements. There are no binding obligations attached to the self-assessment tool.
D‑seal provides the tool free of charge to Danish companies, to turn digital responsibility into a position of strength.
Once the company has been set up in the self-assessment tool, you can login here.
Why can’t I log in to the self-evaluation tool?
Don't worry, if you experience any problems please get in touch with us;
Phone: +45 33 77 33 77Email us:
contact@d-seal.euHow does the D‑seal compare with other similar initiatives?
The D‑seal is unique, because it is the first of its kind in the world to cover both IT security and responsible use of data.
The D‑seal is for all types of business, and the label is awarded at the company level and not to specific products and services.
Has the D‑seal been mapped to other frameworks?
Yes, we have mapped to other frameworks at level 3 of the D‑seal structure. You can find the D‑seal mapping to other frameworks on our Danish website under ‘`Guides'. Currently the mapping is in Danish, but don't hesitate to reach out to us if you have any questions on contact@d-seal.eu
Is it easier to obtain the D‑seal if we are already working under other frameworks such as ISO/IEC 27001?
There is no shortcut or “fast track” process for companies with other certifications.
However, it will be easier for the company to complete the D‑seal self-evaluation if it already has certifications or standards within IT security and responsible use of data.
Does the D‑seal go beyond the GDPR?
Yes, the D‑seal is more than just GDPR rules.
The GDPR is mandatory, whereas the D‑seal is an active choice for companies that wish to demonstrate digital responsibility.
Companies with the D‑seal will have considered not only personal data but also other business-critical information, and will have drawn up an overview of IT systems, services, network components, devices, software and activity-based algorithms/AI use-cases (see Criterion 1) which handle either personal or business-critical data.
The GDPR is a general framework which does not contain any specific instructions. The D‑seal, on the other hand, includes concrete instructions to help companies to comply with e.g. Article 32 on security of processing (see Criteria 1, 2, 3 and 6) or Article 25 on data protection by design and by default (see Criterion 6).
The D‑seal is broader than the GDPR as it also lays down concrete requirements on algorithms and AI. Article 22 of the GDPR contains requirements for automated individual decision-making, including profiling, but the D‑seal has a separate criterion dealing with trustworthy algorithms and artificial intelligence (see Criterion 7).
Finally, the D‑seal also includes requirements for data ethics, which crop up in several places in the structure (see Criteria 1, 2, 4, 6, 7 and 8).
Is there an accredited certification body for the D‑seal?
D‑seal’s Lead Auditors are responsible for audit and control prior to award of the label.
The audit and control process is designed to ensure that the company meets the criteria and requirements assigned to it.
The company will be awarded the D-seal for one year at a time if it can demonstrate that it meets the requirements.
Can I prevent hacking and breaches of security with the D‑seal?
The D‑seal provides no guarantee against hacking or breaches of security. However, the company will be better placed to handle these events with the D‑seal than without.
How long does the award of the D‑seal last?
The D‑seal is valid for one year from the award date, e.g. from 1 February 2022 to 31 January 2023.
To renew, the company has to pass through the process (1 – 6) again.
What do we do if our company situation changes?
It is the company’s own responsibility to keep its classification in a business group up to date. In the event of major changes to its situation, the company must write to contact@d-seal.eu.
Where do I report any misuse of the D‑seal?
If you find that the D‑seal is being misused, report this by writing to contact@d-seal.eu.
Are the UL International Demko D Mark and the D‑seal the same?
No, the UL International Demko D Mark and the D‑seal are not the same.
The UL International Demko D Mark belongs to UL, and may be used by companies that have acquired the right to use the label by having their electrical products tested and certified according to European standards. The UL International Demko D Mark can be seen on electrical equipment and is used at the product level. The D Mark signals to all consumers and the relevant authorities that an independent third party has found the product to comply with the relevant European electrical safety standards.
The D‑seal is aimed at all types of business that process data, including personal data. The D‑seal works for all companies, from SMEs to the largest corporations. That is why the number of criteria that a company has to meet depends on its risk profile, including the size of the company and its use of data and IT. The D‑seal is only awarded to companies that meet the D‑seal requirements for IT security and responsible use of data. The D‑seal is awarded at the company level and not the product level.
Read more about the difference between UL’s D Mark and the D‑seal.