GDPR and Certification
Published on: 1st August 2018
By PYXI GDPR Team
We’ve had a few instances of people asking us about how to attain ‘GDPR Certification’. Let’s be clear – there is no such thing. You can’t be ‘certified compliant’ with GDPR any more than you can be with, say, VAT legislation. No organisation would be willing to accept the liability of rubber-stamping a company as “fully GDPR compliant”. Data Protection regulations, such as GDPR and DPA18, are a new fact of business life – you need to build compliance into your business processes and cultural behaviour, in the same way that you build compliance with VAT legislation into your day-to-day invoicing and accounting activities.
However, what you can do is pursue various qualifications and certifications that help show that you are taking seriously Personal Data Protection and wider Cyber Security issues. Such certifications include Cyber Essentials and IASME – the latter is designed to cover more of the topics you need to think about to help you get and stay on your journey to GDPR-compliance.
Of course, whether or not you choose to seek these certifications, you still need to do the basics – record details about your devices, software, third-party relationships and, joining it all together, the Business Purposes for which you hold and process Personal Data. Why? Not just to cover yourself if you get audited, but because by doing so you will be better prepared to handle any Subject Access Requests or Data Breaches, and most importantly, you will identify the actions you need to take to make your organisation safer and more resilient. Your customers will thank you, and you’ll sleep better at night. Sweet dreams!
PYXI GDPR Team: 1st Aug 2018 08:31:00
Subscribe to our
Weekly GDPR Newsletter.
It's full of really useful updates
for UK small businesses.
ICO Q2 Data Security Incident Trends
The ICO's figures for Q2 show that the most frequently reported data security incident relates to disclosure of data. The ICO's website has published information about Q2 2018-19's data security incidents by type and sector, and the single mo... click to read more