The ICO has published guidance for organisations wanting to develop GDPR Codes of Conduct or Certification schemes. Organisations can now submit their proposals to the ICO for approval.

Ian Hulme, ICO Director of Regulatory Assurance, said:

“I would encourage any organisation that can speak on behalf of a group of organisations, or who has expertise in developing standards or certification criteria, to have a look at our guidance and speak to us about developing a GDPR Code of Conduct or Certification scheme.”

“Both mechanisms are a really good way for organisations to show their commitment to complying with data protection legislation and ultimately, build public trust and confidence in their organisation.”

Despite the UK’s exit from the European Union, it is clear that the ICO and organisations wishing to work within certification schemes across the EU have the benefit of close links with the European Data Protection Board (EDPB). The ICO’s website states: “Across EU member states, the EDPB will collate all EU certification schemes in a public register. There is also scope for a European Data Protection Seal where scheme criteria are approved by EDPB for use in all member states.”

The ICO’s guidance on:

  • codes, issued on 28 February, after adoption by the European Data Protection Board
  • certification, issued on 28 February



Written by Privacy Laws & Business