The Information Commissioner’s Office (ICO) has approved the criteria for the UK’s first General Data Protection Regulation (GDPR) certification schemes.
It said these will provide frameworks for organisations to show they are adhering to strong standards in the fields of children’s privacy, age assurance and asset disposal.
The criteria for the first two have been developed by Age Check Certification Scheme (ACCS), while that for the ensuring the protection of personal data when re-using or destroying IT equipment has been developed ADISA.
ICO said that organisations that achieve the standards set out in the schemes can show they have the highest level of commitment to GDPR compliance.
Anulka Clarke, acting director of regulatory assurance, said: “This is a significant step forward in enabling organisations to demonstrate their commitment to compliance with UK data protection law. The products and services these criteria cover – age assurance, age appropriate design and asset disposal – are areas where enhanced trust and accountability in how personal data is protected is vital.
“Enabling certification in these areas establishes a binding framework that organisations can sign up to. This will raise the bar of data protection and ensure they are always following the latest good practice in these constantly evolving areas and, importantly, they are able to demonstrate that commitment to their clients, suppliers and public.”
Image from iStock, Naeblys
