The government delay on accrediting GDPR certification bodies means that thousands of firms have no idea if they could be hit with millions of pounds in fines for non-compliance.
James Pressley, corporate and commercial solicitor at Kirwans law firm, says that businesses need to know that their efforts have made them General Data Protection Regulation (GDPR) compliant.
Due to come into force on May 25, GDPR is one of the biggest changes to the UK’s data protection legislation, applying across EU states to make sure that consumers are covered to the same level.
Easily-recognisable certification seals or marks are expected to be introduced. Once awarded, consumers would be assured that their data was being properly dealt with by a government-certified business.
It’s up to the Information Commissioner’s Office (ICO) to establish ‘data protection certification mechanisms and data protection seals and marks’ and to provide for the ‘accreditation of certification bodies’.
A checklist of GDPR-compliant businesses
These were expected to be in place by now so that the ICO has a checklist of GDPR-compliant businesses and doesn’t have to waste taxpayers’ money on investigations. It also assures firms that they’ve done enough to avoid huge penalties.
The EU has advised that the certification would be issued by accredited certification bodies for three years; it can be renewed under certain conditions, as long as the requirements are still met.
The ICO’s delay in publishing the plans means that many businesses are turning to unaccredited GDPR advisers to guide them through the process.
Pressley says, ‘The government’s statement of intent on a new Data Protection Bill made it clear that the provisions of the GDPR will remain effective in the UK even after Brexit, so it’s important that a recognised accreditation process is in place as soon as possible.’
He adds that the ICO has put a helpline in place for SMEs and charities, but that is no substitute for the detailed analysis that would be needed to receive the accreditation that would assure businesses and their customers of their compliance.
‘Firms are keen to get it right – they just need the tools to help them confirm that they’re doing so.’