This guidance discusses certification schemes in detail. Read it if you have detailed questions not answered in the Guide to the GDPR, or if you need a deeper understanding. This guidance will be useful for organisations considering writing, monitoring or signing up to a certification scheme.
If you haven’t yet read certification schemes in brief in the guide, you should read that first. It sets out the key points you need to know and includes frequently asked questions regarding certification schemes.
How do we apply for GDPR certification?
- What are the requirements?
- What should we consider before applying?
- How much does it cost to be certified?
- How will people know about our certification?
How do we become a certification body?
- What do we need to know before applying to become a certification body?
- How do we apply to become a certification body?
- What is a certification body’s relationship with the ICO?
- How will people know about our accreditation?
- What information will be published?
- Further information
How do we develop a certification scheme
- What are certification schemes?
- What can a GDPR scheme be about?
- What can be certified?
- What are the requirements for GDPR certification criteria?
- Do we need to describe the evaluation methods?
- Does the scheme include the use of a seal or mark?
- How should we test our scheme?
- How can the ICO help?
- What documents do we need to submit to the ICO?
- How will the ICO assess the scheme criteria?
- EDPB opinion
- How will people know our criteria have been approved?