GDPR: It’s something everyone has heard of, but in many cases don’t fully understand. For many businesses, it might have caused headaches in the past, while some still might be unsure exactly how to comply and whether they’re doing it right. Either way, it’s something business owners - large or small - can’t get away from. Because let’s face it, while GDPR can be a bit of a drag, it’s a necessity – compliance is crucial for any company that collects data.
But what exactly is it?
What is the General Data Protection Regulation?
GDPR is a regulation in European Union (EU) law on data protection and privacy in the EU and the European Economic Area (EEA). It is incorporated into UK law by the Data Protection Act 2018. It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
Why should I use ACCS to check for conformity under GDPR?
- Assessment as standard across our certifications
When it comes to business’ that provide age verification products and software, GDPR compliance is essential. That’s why all of our certification processes include an assessment of compliance under GDPR as standard. That’s one less thing for you to worry about.
- Avoid disciplinary action
As a result of this, you can be safe in the knowledge that you have an effective defence to avoid any disciplinary action regarding data breeches by the ICO. This is particularly helpful to organisations such as data warehousing companies, identity management and data aggregator companies.
What jurisdictions are GDPR applicable to?
Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway Poland, Portugal, Romania, Slovakia, Slovenia, Spain and Sweden.
It is also applicable to any organisation based outside of these countries, but processing data within these countries.
What standards, laws or regulations apply to GDPR?
We apply ACCS 2:2021 - Technical Requirements for Data Protection and Privacy to applications for GDPR Certification.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC General Data Protection Regulation
How do I get GDPR certified?
The first stage of gaining GDPR certification for your system is for us to undertake an Application Review in accordance with the requirements of ISO/IEC 17065:2012. There is no fee for the completion of an application review. PLEASE NOTE: You cannot apply for GDPR certification on its own through our scheme, you must be applying for another kind of certification. GDPR certification is automatically included.
During the application review:
- Define the scope of certification;
- Confirm the means available to perform all evaluation activities;
- Confirm our competence and ability to perform the certification activity;
- Confirm a plan for audit and evaluation;
- Provide an Estimated Fee for our Certification Services
Useful links about GDPR?
BECOME A TEST PURCHASER