GDPR Accredited Certification

The EU General Data Protection Regulation (GDPR) became part of UK law from 25 May 2018.  The Regulation contains provisions and requirements pertaining to the processing of personal data.

Articles 42 and 43 of the GDPR provide for GDPR certification as a voluntary mechanism for verifying and demonstrating compliance.

UKAS article dated 03/03/2020:
UKAS has been working closely with the ICO on the framework for GDPR certification and the processes involved; specifically on the development of certification and accreditation requirements for UK GDPR schemes in line with European Data Protection Board (EDPB) guidelines.

The final certification and accreditation requirements -including UK specific additional accreditation requirements have now been approved by the EDPB so the ICO is now able to accept formal applications from organisations seeking approval of certification schemes and UKAS is able to accept applications for accreditation from certification bodies operating ICO approved certification schemes.

Detailed guidance for the different stakeholders involved in GDPR certification: organisations applying for certification, potential certification bodies, and organisations developing certification scheme criteria is now available on the ICO website together with information on how to apply.