Due to come into effect in Autumn 2019, the new GDPR Certification process will allow businesses to demonstrate their responsibility for GDPR compliance through a visible certificate, seal or mark issued to them.
How will the GDPR certification scheme be designed?
Companies will be invited to submit their suggestions on important aspects of GDPR to the UK Information Commissioner’s Office (ICO). These will be carefully considered and will determine the nature of the compliance scheme.
Once a national accreditation body has been formed by the ICO, the certification scheme will be delivered or administered by accredited certification businesses. Certification will be valid for 3 years and will be monitored through periodic reviews. A certificate may be withdrawn at any time should a company close or no longer meet the criteria.
Is GDPR Certification compulsory?
No. GDPR Certification is not compulsory; it will be voluntary. However, a business that can prove compliance will gain many different benefits. Certification will demonstrate that a company is ICO compliant, which could assist in securing sales contracts and show its responsibility towards the handling of data, especially where public relations and IT companies are concerned. It will also be taken into account should a business fall victim to a data breach and be subject to a fine.
GDPR Certification can help businesses to demonstrate their compliance with GDPR but will neither reduce nor replace ongoing data protection responsibilities. Companies have a duty to continually enforce GDPR compliance amongst employees, including raising awareness, monitoring systems and hardware, and reviewing processes in terms of how data is used, circulated and stored. Regularly identifying and reviewing areas where risk could occur will go far in reducing the likelihood of a GDPR breach.
Is your company GDPR compliant, and are you looking to demonstrate that compliance with GDPR Certification? Here at Crendon Insurance Ltd, we provide companies with a confidential GDPR assessment of their business to evaluate data protection vulnerabilities and implement GDPR Insurance. For further information, please contact our team, who can assess how data is managed within your business or organisation.