UKAS has been working closely with the Information Commissioner’s Office (ICO) on the framework for GDPR certification and the processes involved, specifically on the development of certification and accreditation requirements for UK GDPR schemes in line with European Data Protection Board (EDPB) guidelines.
The EDPB is the EU organisation in charge of the application of the GDPR and is composed of the supervisory authorities from all Member States (in the UK this is the ICO). Once approved by the ICO, GDPR certification scheme criteria will need to be submitted to the EDPB for consideration. The GDPR stipulates that certification bodies which deliver approved GDPR certification schemes must be accredited against the requirements of ISO/IEC 17065:2012 and the additional requirements set by the ICO.
UKAS participated in a webinar with the ICO to help answer some of the key questions around developing and operating GDPR certification schemes. You can watch a recording of the webinar here: https://bit.ly/31RAYur.
There is more information on the UKAS and ICO websites, including two other webinars on developing a GDPR certification scheme and on GDPR certification: accreditation.