UK GDPR Frequently Asked Questions

Scheme owners need to contact the Information Commissioners Office (ICO) to get the criteria in your scheme approved. UKAS cannot consider applications from UK GDPR Certification Scheme owners until the scheme criteria has been approved by the ICO. The next stage would be for UKAS to evaluate the scheme for its suitability for accreditation purposes. The UKAS evaluation of a new Certification Scheme is estimated to cost approximately  £3k. Information on the criteria that your scheme will need to meet can be found on the ICO website. 

Certification Bodies (CB) will need to apply for accreditation from UKAS to operate an ICO approved Certification Scheme. If your scheme is not approved by the ICO you will need to contact the ICO first (see above). UKAS will not accept applications for accreditation unless it is from an approved scheme. You should read the information on the UKAS website about applying for accreditation. The accreditation criteria against which your Certification Body will be assessed are ISO 17065 and the ICO additional accreditation requirements. You should review both of these sets of requirements to determine to what extent your organisation meets them. There is information in the Development section of the UKAS website  to assist conformity assessment scheme developers (e.g. ISO 17007. ISO 17067 and ISO TR 17032).  Once you have done this, please contact UKAS to discuss the application and assessment process. The relevant application forms would include the AC1 form (for applying as a process Certification Body) and the GDPR Confidentiality Waiver (to allow UKAS to share information about your application with the ICO, form available from UKAS on request) and form F530  (for the conformity scheme evaluation).  If you are not already accredited by UKAS, the assessment costs are likely to be in the range £12k to £15k, with annual costs between £6k and £8k. 

If you are a Certification Body that wishes to operate a GDPR scheme, you will need to contact a scheme owner. Schemes that have been approved by the ICO are listed on their website with contact details for the scheme owners. 

Please see the information on the ICO website. Schemes that have been approved by the ICO are listed there with contact details for the scheme owners. Certification Bodies operating approved UK GDPR schemes are listed on the UKAS website.