ICO launches two GDPR compliance schemes

The Information Commissioner's Office (ICO) has launched two services to help organisations implement company policies based on the General Data Protection Regulation (GDPR).

Businesses can now submit proposals to the ICO for GDPR Codes of Conduct or to apply for company Certification Schemes.

The aim is to help businesses demonstrate compliance and accountability with the EU's data regulation.

These are voluntary tools, but are key assets to both data controllers and processors, according to the ICO.

The Code of Conduct is a set of provisions based on the GDPR, such as trade, membership or professional bodies, that help to aid businesses with data protection issues relevant to their sector.

The ICO's Certification Scheme is a separate service that offers businesses tools to enhance trust in their organisation and act as a sign of compliance with the regulation.

"I would encourage any organisation that can speak on behalf of a group of organisations, or who has expertise in developing standards or certification criteria, to have a look at our guidance and speak to us about developing a GDPR Code of Conduct or Certification scheme," said Ian Hulme, ICO director of regulatory Assurance.

"Both mechanisms are a really good way for organisations to show their commitment to complying with data protection legislation and ultimately, build public trust and confidence in their organisation."

More than half of UK businesses were said to not be compliant with EU's data regulation in September 2019, despite it coming into force in 2018. This was according to a report from software firm Egress, which said that 52% of respondents to its survey said they were non-compliant.

The new services may also relieve the pressure on the ICO itself, which reported that its staff had received four times as many reports of personal data breaches during the financial year of 2018/19.

The watchdog reportedly looked into 13,840 cases, compared to 3,311 during 2017/18's financial year.