Data Protection Schemes is a scheme owner under Article 42(5) of the GDPR, the article for certification mechanisms that can be used to demonstrate compliance with the Regulation. Its purpose is to develop schemes approved by the European supervisory authorities and the EDPB.
Data Protection Schemes Limited is a company established in the Republic of Ireland. We work with the Irish Data Protection Commission (DPC) and European supervisory authorities to develop certification criteria for all aspects of the GDPR. Certification criteria are developed under the authority of the European Data Protection Board. The EDPB is an independent European body. It is the umbrella organisation that brings together the national data protection authorities (National Supervisory Authorities) of the countries in the European Economic Area, as well as the European Data Protection Supervisor (EDPS).
As a scheme owner, we develop certification criteria and audit requirements for assessing conformity. An independent conformity assessment body carries out assessments (Article 43.4) against the certification scheme requirements and issues a certificate of conformity for the processing operations within scope. The organisation carrying out the assessment is not the same organisation that has developed and owns the scheme. Further details can be found in Guidelines 4/2018 on the accreditation of certification bodies under Article 43 of the General Data Protection Regulation (2016/679) Version 3.0, 4 June 2019.
The EDPB ensures that the General Data Protection Regulation and the Law Enforcement Directive are applied consistently and ensures cooperation, including on enforcement. Recital 100 of the GDPR states "The establishment of certification mechanisms and data protection seals is encouraged, allowing data subjects to quickly assess the level of data protection of relevant products and services". Several schemes for certification criteria have been developed to cover a wide range of obligations related to the processing of data, including systems that make use of artificial intelligence.
Certification of Personnel
As the scheme owner, we are responsible for ensuring the criteria are understood and applied consistently. We achieve this by offering training and guidance on implementation and auditing conformity using the developed certification criteria. This training is for implementers, auditors, and conformity assessors to properly understand the regulations and apply the criteria consistently.
Data Protection Schemes also offers several certifications for individuals to demonstrate their knowledge and competence in specific areas of the applicable regulations. It is a requirement that an assessor holds the relevant certifications of competence before conducting a conformity assessment.
Benefit of Certification Criteria
Certification criteria provide certainty on the interpretation of regulatory requirements. They are a de facto standard for conformity that ensures consistency in conformity assessments and training requirements.