pergamonmystic:linkedhelp:gdprcertificate
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
pergamonmystic:linkedhelp:gdprcertificate [2021/10/14 09:05] admin |
pergamonmystic:linkedhelp:gdprcertificate [2024/02/06 11:05] (current) admin |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Mystic Help ====== | ====== Mystic Help ====== | ||
| - | ===== GDPR Certificate ===== | + | ===== Data Protection Registration ===== |
| - | On occasion, we are asked whether Esferico can provide a GDPR Certificate for our products. | + | Esferico ltd. is registered with the ICO as a data processor. |
| - | GDPR Certificates were agreed to be promoted by the various GDPR enforcement agencies around the EU, the agency responsible in the UK being the [[https://ico.org.uk|ICO]], as it had been with the standard Data Protection Act. This promotion was generally intended to 'raise the bar' of GDPR compliance. | + | A copy of our registration certification can be obtained from the ICO website here: [[https://ico.org.uk/ESDWebPages/Entry/ZA899221|Esferico ltd. ICO Registration Certificate]] |
| - | **At this time**, Esferico ltd. have chosen **not** to seek a GDPR Certificate - the simple reason being that **no product or service provided by Esferico ltd. is covered by the GDPR Certificate scheme**. | + | Note that this registration renews on a yearly basis. |
| - | Read on to learn why. | + | ===== GDPR Framework Certificate ===== |
| + | |||
| + | On occasion, we are asked whether Esferico can provide a GDPR Framework Certificate for our products. | ||
| + | |||
| + | GDPR Framework Certificates were agreed to be promoted by the various GDPR enforcement agencies around the EU, the agency responsible in the UK being the [[https://ico.org.uk|ICO]], as it had been with the standard Data Protection Act. This promotion was generally intended to 'raise the bar' of GDPR compliance. | ||
| + | |||
| + | **At this time**, Esferico ltd. have chosen **not** to seek a GDPR Certificate - the simple reason being that **no product or service provided by Esferico ltd. is covered by a GDPR Certificate scheme**. | ||
| + | |||
| + | We are unable to obtain a certificate therefore, as there is no certificate to obtain. | ||
| + | |||
| + | Read on to learn why, but in many ways this process has been superseded by the general data protection registration requirement (see top). | ||
| ---- | ---- | ||
| Line 15: | Line 25: | ||
| ==== Who should apply for Certification? ==== | ==== Who should apply for Certification? ==== | ||
| - | There is a list of valid reasons why, in the long term, all companies providing data processing services may wish to gain a GDPR Certificate - despite the fact that GDPR organisations around Europe are intended to promote the system, participation is **voluntary** which in many ways immediately reduces the effectiveness of the system. | + | There is a list of valid reasons why - in the long term, all companies providing data processing services may wish to gain a GDPR Certificate - despite the fact that GDPR organisations around Europe are intended to promote the system, participation is **voluntary** which in many ways immediately reduces the effectiveness of the system. |
| At this current time however, the following paragraph from the ICO documentation is probably the most applicable in this case: | At this current time however, the following paragraph from the ICO documentation is probably the most applicable in this case: | ||
| Line 27: | Line 37: | ||
| ==== What is GDPR Certification? ==== | ==== What is GDPR Certification? ==== | ||
| - | While GDPR enforcement organisations around Europe are intended to promote the GDPR Certificate scheme, the reality is that certificates are neither audited by, enforced by or even issued by the ICO. | + | While GDPR enforcement organisations around Europe are intended to promote the GDPR Certificate scheme, the reality is that certificates are not audited by, enforced by or even issued by the ICO. |
| Instead, 3rd party companies and consultancies identify an area of interest to themselves, put together a compliance framework for that type of industry or product, and them submit that framework to the ICO for authorisation. | Instead, 3rd party companies and consultancies identify an area of interest to themselves, put together a compliance framework for that type of industry or product, and them submit that framework to the ICO for authorisation. | ||
| Line 33: | Line 43: | ||
| Once the framework is authorised, the 3rd party company or consultancy is able to charge a fee for the assessment of companies and - if they comply with the conditions of the framework - issue them with a GDPR Compliance Certificate. The Certificate is issued by the 3rd party company, and **not** the ICO. The framework in question is //owned// by the 3rd party. | Once the framework is authorised, the 3rd party company or consultancy is able to charge a fee for the assessment of companies and - if they comply with the conditions of the framework - issue them with a GDPR Compliance Certificate. The Certificate is issued by the 3rd party company, and **not** the ICO. The framework in question is //owned// by the 3rd party. | ||
| - | The ICO has been slow to roll out the scheme. They finally started to take action in March 2020 and in April 2021, they released a list of currently [[https://ico.org.uk/for-organisations/certification-schemes-register/a-h/|ICO authorised schemes]]. | + | The ICO has been slow to roll out the scheme. They finally started to take action in March 2020 and in April 2021, they released a list of currently [[https://ico.org.uk/for-organisations/certification-schemes-register/a-h/|ICO authorised schemes]]. Do not be surprised if clicking this link, actually leads to a dead-page at sometime in the future! |
| As at time of writing, this scheme still only has __3 authorised schemes__ and //none// of them apply to either the industry or products provided by Esferico ltd. | As at time of writing, this scheme still only has __3 authorised schemes__ and //none// of them apply to either the industry or products provided by Esferico ltd. | ||
| Line 52: | Line 62: | ||
| * At this time, there is no official pro-active auditing system in place to confirm compliance with the GDPR for small to medium businesses other than that administered retrospectively due to a data breach or known lack of compliance. Pro-active auditing is performed for large organisations (councils, police forces etc.) which process significant amounts of protected data, and distinct characteristics. | * At this time, there is no official pro-active auditing system in place to confirm compliance with the GDPR for small to medium businesses other than that administered retrospectively due to a data breach or known lack of compliance. Pro-active auditing is performed for large organisations (councils, police forces etc.) which process significant amounts of protected data, and distinct characteristics. | ||
| - | * A list of authorised schemes was finally made available from April 2021 (see [[https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/certification/|ICO Certification]]) and is therefore still very much in its infancy. At of the time of writing, only three such official schemes are listed as being approved by the ICO, and none of which are applicable to the products provided by Esferico ltd. | + | * A list of authorised schemes was finally made available from April 2021 (see [[https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/certification/|ICO Certification]]) and is therefore still very much in its infancy. At the time of writing, only three such official schemes are listed as being approved by the ICO, and none of which are applicable to the products provided by Esferico ltd. |
| - | * Certification can be an expensive process, and must be balanced against the information that is recorded within any individual product. Such costs would therefore also need to be passed on to clients. | + | * Certification can be an expensive process, and must be balanced against the information that is recorded within any individual product. Such costs would therefore also need to be passed on to clients. The same assurances of GDPR compliance can be obtained from the GDPR compliance documentation required to be generated by the statutory GDPR legislation in place (see [[PergamonMystic:linkedhelp:gdprdocuments|GDPR and Data Protection Documents]]) |
| * Esferico applications store a very small number of fields which are categorised as protected data (most is not personal in nature, and most is deemed as being in the public domain) and most is not useful for identification. | * Esferico applications store a very small number of fields which are categorised as protected data (most is not personal in nature, and most is deemed as being in the public domain) and most is not useful for identification. | ||
pergamonmystic/linkedhelp/gdprcertificate.1634202355.txt.gz · Last modified: 2021/10/14 09:05 by admin
Page Tools
