The Information Commissioner’s Office is developing a certification scheme as a way for organisations such as care homes to demonstrate compliance with the GDPR and enhance transparency.
Signing up to a certification scheme will be voluntary. However, if there is an approved certification scheme that covers your processing activity, adopting certification will demonstrate compliance to the regulator, the public and in your business-to-business relationships.
It is expected that signing up to the NHS Data Security and Protection Toolkit will be a way for care homes in England to show GDPR compliance to the regulator.
Details of how to apply for certification are expected to become available in the Autumn. However, organisations with, or developing, GDPR certification schemes are invited to contact the ICO with details.
The ICO also advises that trade associations and representative bodies may draw up GDPR codes of conduct that cover topics that are important to their members, such as fair and transparent processing, pseudonymisation or the exercise of people’s rights.
- GDPR compliance is one recommendation in a new European Telecommunications Standards Institute (ETSI) standard for cybersecurity in relation to consumer IoT products. The standard covers the security of internet-connected devices such as smoke detectors and door locks, smart cameras, TVs, assistants and speakers and wearable health trackers.