- How do I get my GDPR Certification Scheme approved?
Scheme owners need to contact the Information Commissioners Office (ICO) to get the criteria in your scheme approved. UKAS cannot consider applications from GDPR Certification Scheme owners until the scheme criteria has been approved by the ICO. The next stage would be for UKAS to evaluate the scheme for its suitability for accreditation purposes. The UKAS evaluation of a new Certification Scheme is estimated to cost approximately £3k. Information on the criteria that your scheme will need to meet can be found on the ICO website.
- How do I get my Certification Body accredited?
Certification Bodies (CB) will need to apply for accreditation from UKAS to operate an ICO approved Certification Scheme. If your scheme is not approved by the ICO you will need to contact the ICO first (see 1 above). UKAS will not accept applications for accreditation unless it is from an approved scheme. You should read the information on the UKAS website about applying for accreditation. The accreditation criteria against which your Certification Body will be assessed are ISO 17065 and the ICO additional accreditation requirements. You should review both of these sets of requirements to determine to what extent your organisation meets them. There is information in the Development section of the UKAS website to assist conformity assessment scheme developers (e.g. ISO 17007. ISO 17067 and ISO TR 17032). Once you have done this, please contact UKAS to discuss the application and assessment process. The relevant application forms would include the AC1 form (for applying as a process Certification Body) and the GDPR Confidentiality Waiver (to allow UKAS to share information about your application with the ICO) and form F530 (for the conformity scheme evaluation). If you are not already accredited by UKAS, the assessment costs are likely to be in the range £12k to £15k, with annual costs between £6k and £8k.
- How do I find a GDPR Certification Scheme to operate (as a Certification Body)?
If you are a Certification Body that wishes to operate a GDPR scheme, you will need to contact a scheme owner. Schemes that have been approved by the ICO will be listed on their website with contact details for the scheme owners.
- Where can I get my data processes certified?
Please see the information on the ICO website. Schemes that have been approved by the ICO will be listed there with contact details for the scheme owners. Certification Bodies operating approved GDPR schemes will be listed on the UKAS website.