Table of Contents
If your business handles sensitive information, you should obtain certification. All information you handle must comply with the GDPR (General Data Protection Regulation) and the Data Protection Act. Certification demonstrates to the public that your company is taking accountability and complying with data protection rules. These rules are policed and enforced by the Information Commissioner’s Office (ICO). The ICO provides guidance, investigates alleged breaches, and issues fines against businesses violating data protection rules. Additionally, the ICO website can lead you to an ICO certificate provider. This article will explain the nature and purpose of an ICO certificate and how it can help your business demonstrate compliance with data protection rules.
ICO Aims
The ICO has several goals concerning UK data protection law, which include:
- providing detailed guidance on data protection principles and obligations on their website;
- ensuring companies respond accurately and swiftly to subject access requests;
- encouraging businesses to handle personal data safely and securely;
- providing a system for companies to report serious data breaches within 72 hours; and
- issuing fines to organisations that commit personal data breaches and fail to follow good practices when processing personal data.
What is an ICO Certificate?
The ICO approves certification schemes operated by third parties. You must ensure the certification body you choose is approved. The ICO website includes a list of approved schemes.
Each type of ICO certificate scheme will have specific criteria and a financial cost. In addition, they will contain detailed requirements to ensure that companies with those certificates can demonstrate high levels of data protection compliance. The ICO will likely add more schemes to the list in the future.
If your business meets the certification scheme criteria, it can discuss the specific logo or mark of that scheme on its website and advertising materials. This demonstrates that your company handles personal information securely and in line with the GDPR requirements. Accordingly, these certificates may also be known as ‘UK GDPR certification’.
Continue reading this article below the formCall 0808 196 8584 for urgent assistance.
Otherwise, complete this form and we will contact you within one business day.
Example
Let us say that your business sells kitchenware items. Some of those kitchenware items will include knives, blades and sharp utensils. It may benefit your business to obtain an ICO certificate for the age check certification scheme (ACCS) to demonstrate that your age assurance system works.
This scheme will set out various tests to ensure that your age check system is thorough, accurate and in line with GDPR requirements. Overall, the certificate demonstrates that your business has done all it reasonably can to ensure the system is legal and works well.
Furthermore, by obtaining this certification, your organisation shows that it takes the social issues of knife crime and complying with age requirements on restricted items seriously. Therefore, your business can promote the fact it has this ICO certification on its website and within its written materials.
Other Benefits of ICO Certification
The ICO confirms on their website that having certification can demonstrate a mitigating factor within any future ICO investigation. Thus your company can argue that obtaining and paying for ICO certification demonstrates that it takes all reasonable steps to comply with data protection rules.
This is useful because the ICO can issue fines to organisations that breach data protection laws. The maximum fine is £17.5m (or 4% of annual global turnover). Therefore, having evidence that can potentially reduce such fines is in your company’s interest.
Key Takeaways
The ICO acts as the referee for data protection purposes in the UK and applies penalties for the public interest. Therefore, the ICO will determine the punishment if your organisation breaches data protection rules. Having an ICO certificate helps your company demonstrate that it carries out good data practice and gives it a better chance of defending ICO investigations into alleged data protection breaches. It can also help your image with potential customers by giving them confidence that you will handle sensitive information well.
If you need help with data protection requirements and obtaining ICO certification, our experienced Data, Privacy and IT lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.
Frequently Asked Questions
There are only a few schemes as it is a relatively new ICO initiative. However, the ICO state that they plan to develop and recognise different certification schemes in 2022 and beyond.
No, these are separate schemes that complement (but do not overlap) each other. Thus, a different body runs ISO standards with different compliance rules.
We appreciate your feedback – your submission has been successfully received.
