Petitioning the ICO: Mandate the use of GDPR Certification Schemes when available.


The Issue
As the data regulator in the United Kingdom, the ICO bears significant responsibilities for governing our data protection legislative framework. We can all acknowledge the complexity of navigating this area, which can present challenges even for motivated and capable organizations.
Remarkably, the ICO has approved 5 GDPR Certification Schemes spanning various sectors such as Age Verification, Legal Services, and IT Asset Recovery. However, the rationale behind these schemes and their recommended utilization remains unclear. Scheme Owners and Certification Bodies are burdened with the task of independently explaining and promoting these schemes. Consequently, companies that invest substantial time and resources in obtaining accreditations like the ADISA Standard 8.0 must educate their customers on their benefits.
Why is this important? In my industry, I witness widespread illegal activity in the provision of asset recovery services. Despite the existence of a published, pre-approved certification capable of identifying and verifying compliance standards, neither the sector nor its customers are effectively leveraging this resource.
An illustrative example is the case involving NHS Surrey and Brighton and Sussex University Hospitals NHS Trust, which engaged a hardware destruction company to dispose of hard drives. Unfortunately, the company failed to fulfill its obligations, resulting in penalties from the Information Commissioner's Office (ICO). Despite initially contesting the fine, they eventually lost the appeal and agreed to pay a reduced penalty of £260,000.
Call to action. As the data regulator, the ICO has a duty to promote good practice. By leading the EU in the recognition of UK GDPR Certification Schemes, we, the undersigned, call upon the ICO to mandate the use of such schemes where they exist.
Join me in making a difference. Sign the petition today and let's pave the way for easier compliance through the enforcement of the work the ICO has already done.
Petition created on 29 February 2024