Is your organisation ready for GDPR Data Privacy Certification?
Currently, there is no approved certification scheme and there are no accredited certification bodies for issuing GDPR certificates, but the Information Commissioner’s Office (ICO), in London, has announced that it is preparing to introduce a GDPR certification scheme by the end of 2019.
The ICO says the scheme will be a way for organisations to demonstrate compliance with GDPR. Once an accredited certification body has assessed and approved an organisation, it will issue a data protection certificate valid for three years. The ICO has stressed that the scheme will be voluntary and available to both large and small businesses. The ICO also adds that customers will be able to use the programme to assess the level of data protection of company products or services.
ID Senior Vice President, Philip Adams, has welcomed the ICO’s announcement.
“Introducing a GDPR certification programme is a positive step that will not only offer assurance to customers but enable responsible companies to clearly demonstrate best practice,” he said. “As a leading international Data Privacy Consultancy, ID supports the actions and values of the ICO. From the beginning, we have advised our clients that GDPR is the highest standard in the world and that the ICO is one of the most proactive agencies. Certification is about business best practice and building a trusting and transparent relationship with your customers,” he added.
The proposed certification scheme will help to:
- Demonstrate compliance with the provisions on data protection by design and by default (Article 25(3));
- Demonstrate that companies have appropriate technical and organisational measures to ensure data security (Article 32(3)); and,
- Support transfers of personal data to third countries or international organisations (Article 46(2)(f)).
Obtaining certification will also help organisations to:
- Be more transparent and accountable;
- Have a competitive advantage;
- Create effective safeguards to mitigate the risk around data processing and the rights and freedoms of individuals;
- Improve standards by establishing best practice;
- Help with international transfers; and
- Mitigate against enforcement action.
Further information may also be obtained from: