○ Strongly agree ○ Somewhat agree ○ Neither agree nor disagree ○ Somewhat disagree ○ Strongly disagree
Please explain your answer, and provide supporting evidence where possible.
Q3.3.8. Are there any mechanisms that could be supported that would benefit UK organisations if they were recognised by the Secretary of State?
○ Yes ○ No ○ Don’t know
Please explain your answer, and provide supporting evidence where possible.

3.4 Certification Schemes

Explanatory box: What are certification schemes?

Certification schemes are voluntary, market-driven frameworks of context-specific rules that, under the UK GDPR, can be used to demonstrate a high standard of compliance and to provide appropriate safeguards for international transfers. Certifications are characteristically framed at the sectoral or industry level, defining data protection rules and practices covering specific products, processes and services within the context of that sector, industry or similar group.

Private bodies can develop criteria for certification schemes to the standards set in legislation and by the ICO. The criteria are submitted for assessment and prospective certification bodies are accredited by the UK Accreditation Service. Once accredited, the certification body will assess prospective businesses to see if they meet the requirements to join the scheme.

Certification schemes are complex measures that require significant time and resources to design, implement and maintain, and they demonstrate accountability and represent the highest standards of data protection.

266. The government is considering modifications to the framework for certification schemes to provide for a more globally interoperable market-driven system that better supports the use of certifications as an alternative transfer mechanism. The UK GDPR’s accountability principle is central to certification. It is the requirement for organisations to take responsibility for what they do with personal data and how they comply with the UK GDPR.[82] Other jurisdictions take different approaches to defining how standards of accountability should be demonstrated. Their approaches can also require high standards of data protection, but present those

[82] See chapter 1 for more detail on accountability