The ICO will approve and publish the certification schemes and, as the UK national accreditation body, UKAS will accredit certification bodies to deliver those schemes.
Ian Hulme, Director for Regulatory Assurance said:
“The GDPR introduced the accountability principle, which requires data controllers to demonstrate their compliance with the law. Certification is a voluntary, and therefore very valuable means of gaining and demonstrating GDPR compliance.
“The ICO is pleased to confirm that UKAS will play a key role in GDPR compliance by accrediting the certification bodies who will be awarding these new and innovative data protection certification schemes. We look forward to working with UKAS.”
Matt Gantley, Chief Executive of UKAS said:
“I am delighted that the Information Commissioner’s statement recognises the valuable role UKAS has to play in GDPR compliance. UKAS has been working closely with the ICO on the development of requirements for accredited certification in line with European Data Protection Board (EDPB) guidelines. We look forward to continuing our successful partnership with the ICO as new GDPR schemes are developed and to welcome expressions of interest from organisations wishing to become accredited certification bodies.”