Ever since the strict new General Data Protection Regulation – more commonly referred to as GDPR – came into force in May 2018, companies have been forced to think more closely about how they collect, process and protect personal data.
While some small businesses have struggled to get to grips with the new rules, others have fully embraced their data protection obligations; auditing the data they hold, updating their IT systems and processes where necessary, and training up staff.
Ensuring data is being held securely is a big part of GDPR, with the principle of the regulation being ‘security by design’. So, by its very nature, GDPR is making businesses stay on top of potential cyber security threats. And this is great to see, especially with small businesses being the subject of almost 10,000 cyber attacks every day.
Small businesses are also finding that being GDPR compliant is increasingly important when it comes to securing new business and maintaining approved supplier status. All of which makes the following news even more timely…
For businesses who want to shout loud and proud about their GDPR compliance, it’s likely that soon they will be able to enrol on a GDPR certification scheme.
From 2020, GDPR certification will be the new mark of GDPR compliance in the UK. It’s being brought in to ensure that companies are doing everything by the book, when it comes to GDPR and the handling of personal data.
The certification will be awarded to companies who complete an ICO (Information Commissioner’s Office) approved scheme. These schemes – the details of which are still to be finalised at the time of writing – are expected to take the form of a set of criteria or guidelines, which businesses need to meet.
The certification itself will be fully accredited and managed by a recognised UKAS approved body.
When you achieve GDPR certification, it won’t be awarded to your business for life. Under current plans, your certification may last three years – at which point, your company will need to be reassessed, to ensure it still meets the required standards.
No, it will be down to individual companies to decide whether to get GDPR certified or not. However, with more and more people questioning their data rights and approved suppliers being quizzed about their GDPR compliance, being able to show the certification could be great for business!
Companies that achieve GDPR certification will receive an official seal, which can be used for marketing purposes. So, while getting certified is a matter of choice, it could potentially have very positive commercial benefits.
Not exactly… A company will need to meet a strict set of compliance criteria in order to be granted certification status in the first place. Once issued, this status is likely to keep being monitored and reviewed, to ensure the company is continuing to abide by GDPR. If there is any evidence of non-compliance, the certification can be revoked.
One thing certification certainly doesn’t give businesses is a free pass to relax their standards! If anything, being GDPR certified pushes businesses even further into the spotlight.
As it stands, no official timeline has yet been released for GDPR certification to take effect. The European Data Protection Board (EDPB) have yet to publish the certification guidelines. Only once they do so can the ICO start approving certification scheme proposals.
There is some suggestion that the first part of the process may be completed by autumn 2019, after which time the ICO may outline the certification requirements. Businesses will then be in a better position to decide if they want to go for GDPR certification.
Until then, we’ll continue to monitor the situation to keep you updated on any new developments.
Is GDPR causing your small business a headache? Do you need help cutting through the jargon and to feel confident that you have everything covered?
Then give us a call to claim your free GDPR consultation.
Simply email GDPR@dragon-is.com or call us on 01908 613 080 for more details.