The General Data Protection Regulation (GDPR) allows the ICO to approve certification schemes in the UK that set standards for proper and lawful handling of personal data associated with the activities covered by each scheme. Certification enables data controllers and processors to demonstrate to regulators, business partners, customers and others that they are complying with data protection laws in relation to their activities, and achieve a competitive advantage.
The ICO has now approved three UK certification schemes for these purposes. These are:
- A scheme for businesses that carry out data sanitisation work in the course of destroying or re-using IT equipment - eg by permanently removing data from computer hard drives or photocopiers. The standard was developed by the Asset Disposal and Information Security Alliance (ADISA). No certification body has been specified by ICO yet. (See ADISA ICT Asset Recovery Certification 8.0 [ICO-CSC/003, ICO-CSC/004]).
- A scheme for businesses using systems which verify or estimate a person’s age before that person can access age-restricted products or services, which tests whether those systems work. The scheme was developed by the Age Check Certification Scheme (ACCS) and the certification body is Age Check Certification Services Ltd. (See Age Check Certification Scheme (ACCS) [ICO-CSC/001]).
- A scheme for use by organisations which have to comply with age appropriate design rules on their websites, apps and other online presence, including the ICO Children’s Code. Again, the scheme was developed by the Age Check Certification Scheme (ACCS) and the certification body is Age Check Certification Services Ltd. (See Age Appropriate Design Certification Scheme (AADCS) [ICO-CSC/002]).
Organisations certified under each scheme, and associated information, will appear on public registers maintained by the relevant certification body. Certification is valid for three years, but there are periodic reviews and certification can be withdrawn if an organisation is found to no longer meet the standards.
The ICO has published guidance on certification generally, and more detailed guidance called ‘Certification schemes detailed guidance’. Information on existing schemes can be viewed on the ICO’s online certification schemes register.
More certification schemes are likely to be announced in the future.
Operative date
- Now
Recommendation
- Organisations seeking certification, or wishing to become a certification body or develop a certification scheme, can view the general guidance and the detailed guidance on the ICO website.
- Organisations, business partners, customers and others wishing to check the certification scheme register can view it on the ICO website.
This article from Atom Content Marketing is for general guidance only, for businesses in the United Kingdom governed by the laws of England. Atom Content Marketing, expert contributors and ICAEW (as distributor) disclaim all liability for any errors or omissions.
Copyright © Atom Content Marketing
ICAEW Business Advice Service
Grow your business with trusted business advice. We connect entrepreneurs, start-ups, and SMEs with ICAEW regulated accountancy firms who will provide a free initial consultation without obligation.