The ICO recently announced that it will be creating GDPR certification schemes that will enable organisations to easily demonstrate their compliance with GDPR.
The Commissioner’s Office plans to open the submission process for certification schemes later this year once it has finalised and published its accreditation requirements for certification bodies. In the meantime, it is welcoming enquiries from organisations that are in the process of developing GDPR certification schemes.
Certification schemes will be sets of criteria or standards that companies can follow to demonstrate compliance with either a specific or general rule of GDPR, for example on secure storage or personal data.
Certification schemes will be created by companies putting forward suggestions to the ICO. The ICO will consider the proposals submitted by participating companies and will determine the schemes that will be launched. Those certification schemes will then be “delivered” by accredited certification bodies. These bodies will have the power to run certification schemes after they have been approved by the UK Accreditation Service (UKAS).
Once all this has happened, organisations will be free to apply to an accrediting body for certification that they comply with a particular scheme. Their certificate will be valid for a maximum of three years and will be subject to periodic reviews. Where organisations are found to no longer meet the criteria, the certifications will be withdrawn.
Signing up to a scheme is entirely voluntary, but it will give organisations a competitive advantage, as it will demonstrate their commitment to data. It is thought that it will also form an important part of public relations to customers, and that it will be considered as a mitigating factor if the ICO imposes a fine in the future.
Certification is going to create a new level of GDPR compliance, and organisations that collect, handle and manage large volumes of customer data should welcome the initiative. Of course, we will be monitoring developments and will ensure that we can advise our clients on the most relevant certification schemes for them.
If you want to know and understand more about the way data is changing the world you live in, or would like to know how data can add value to your business, please email me at email@example.com