Whether you’re considering signing up to a code of conduct or applying for certification under a GDPR scheme (once available), the message from the ICO is the same. As well as helping controllers and processors demonstrate compliance, both mechanisms can deliver a competitive advantage by engendering trust not only with individuals whose personal data is being processed, but also between contracting parties who share personal data.
Marking a significant step forward, the UK's ICO is now formally inviting organisations to submit their sector-specific codes and scheme criteria for its approval. To assist with the process, the ICO has published guidance for organisations wanting to develop GDPR Codes of Conduct or Certification schemes.
My colleague Robert Lister explains a little more in this article.
Accountability is a key element of GDPR compliance and, according to the ICO, Codes of Conduct and Certification schemes will provide “a really good way” for data controllers and processors to demonstrate their commitment to it.