This shows you the differences between two versions of the page.
Both sides previous revision Previous revision | Last revision Both sides next revision | ||
pergamonmystic:linkedhelp:gdprcertificate [2021/10/14 11:04] admin |
pergamonmystic:linkedhelp:gdprcertificate [2024/02/06 11:04] admin |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Mystic Help ====== | ====== Mystic Help ====== | ||
- | ===== GDPR Certificate ===== | + | ===== Data Protection Registration ===== |
- | On occasion, we are asked whether Esferico can provide a GDPR Certificate for our products. | + | Esferico ltd. is registered with the ICO as a data processor. |
- | GDPR Certificates were agreed to be promoted by the various GDPR enforcement agencies around the EU, the agency responsible in the UK being the [[https://ico.org.uk|ICO]], as it had been with the standard Data Protection Act. This promotion was generally intended to 'raise the bar' of GDPR compliance. | + | A copy of our registration certification can be obtained from the ICO website here: [[https://ico.org.uk/ESDWebPages/Entry/ZA899221|Esferico ltd. ICO Registration Certificate]] |
+ | |||
+ | |||
+ | ===== GDPR Framework Certificate ===== | ||
+ | |||
+ | On occasion, we are asked whether Esferico can provide a GDPR Framework Certificate for our products. | ||
+ | |||
+ | GDPR Framework Certificates were agreed to be promoted by the various GDPR enforcement agencies around the EU, the agency responsible in the UK being the [[https://ico.org.uk|ICO]], as it had been with the standard Data Protection Act. This promotion was generally intended to 'raise the bar' of GDPR compliance. | ||
**At this time**, Esferico ltd. have chosen **not** to seek a GDPR Certificate - the simple reason being that **no product or service provided by Esferico ltd. is covered by a GDPR Certificate scheme**. | **At this time**, Esferico ltd. have chosen **not** to seek a GDPR Certificate - the simple reason being that **no product or service provided by Esferico ltd. is covered by a GDPR Certificate scheme**. | ||
Line 11: | Line 18: | ||
We are unable to obtain a certificate therefore, as there is no certificate to obtain. | We are unable to obtain a certificate therefore, as there is no certificate to obtain. | ||
- | Read on to learn why. | + | Read on to learn why, but in many ways this process has been superseded by the general data protection registration requirement (see top). |
---- | ---- | ||
Line 17: | Line 24: | ||
==== Who should apply for Certification? ==== | ==== Who should apply for Certification? ==== | ||
- | There is a list of valid reasons why, in the long term, all companies providing data processing services may wish to gain a GDPR Certificate - despite the fact that GDPR organisations around Europe are intended to promote the system, participation is **voluntary** which in many ways immediately reduces the effectiveness of the system. | + | There is a list of valid reasons why - in the long term, all companies providing data processing services may wish to gain a GDPR Certificate - despite the fact that GDPR organisations around Europe are intended to promote the system, participation is **voluntary** which in many ways immediately reduces the effectiveness of the system. |
At this current time however, the following paragraph from the ICO documentation is probably the most applicable in this case: | At this current time however, the following paragraph from the ICO documentation is probably the most applicable in this case: | ||
Line 35: | Line 42: | ||
Once the framework is authorised, the 3rd party company or consultancy is able to charge a fee for the assessment of companies and - if they comply with the conditions of the framework - issue them with a GDPR Compliance Certificate. The Certificate is issued by the 3rd party company, and **not** the ICO. The framework in question is //owned// by the 3rd party. | Once the framework is authorised, the 3rd party company or consultancy is able to charge a fee for the assessment of companies and - if they comply with the conditions of the framework - issue them with a GDPR Compliance Certificate. The Certificate is issued by the 3rd party company, and **not** the ICO. The framework in question is //owned// by the 3rd party. | ||
- | The ICO has been slow to roll out the scheme. They finally started to take action in March 2020 and in April 2021, they released a list of currently [[https://ico.org.uk/for-organisations/certification-schemes-register/a-h/|ICO authorised schemes]]. | + | The ICO has been slow to roll out the scheme. They finally started to take action in March 2020 and in April 2021, they released a list of currently [[https://ico.org.uk/for-organisations/certification-schemes-register/a-h/|ICO authorised schemes]]. Do not be surprised if clicking this link, actually leads to a dead-page at sometime in the future! |
As at time of writing, this scheme still only has __3 authorised schemes__ and //none// of them apply to either the industry or products provided by Esferico ltd. | As at time of writing, this scheme still only has __3 authorised schemes__ and //none// of them apply to either the industry or products provided by Esferico ltd. |