ICO Codes of Conduct & Certification schemes: firms’ data accountability

What’s happening?

The Information Commissioner’s Office (ICO) recently launched two services designed to help firms demonstrate accountability in line with the General Data Protection Regulation (GDPR).

In February 2020, the ICO published guidance for firms looking to develop GDPR Codes of Conduct or Certification schemes. Firms can now submit their proposals to the ICO for approval.

Accountability is an important data protection principle. It requires that firms can demonstrate compliance with the GDPR. Codes of Conduct and Certification schemes both offer firms a valuable voluntary accountability tool.

Why sign up?

Signing up to an ICO-approved Code of Conduct will demonstrate that your firm’s scheme complies with relevant data protection legislation.

Certification is a separate provision under the GDPR. It offers a tool your firm can use to build trust among customers and demonstrate its commitment to compliance.

What do you need to do?

Code of Conduct scheme applications, together with supporting documentation, can now be submitted for ICO approval.

In their applications, controllers and processors must be represented by ‘code owner’ organisations (for example, trade bodies). They can then apply to have their personal data processing arrangements certified under the relevant scheme.

This process is expected to take eight to twelve weeks. Approved schemes will be entered on a publicly accessible ICO register. Code owners will then need to monitor the firms they represent for compliance with the scheme.

At the time of writing, no schemes had yet received ICO approval.

How can Thistle help you?

If you’d like to know more about preparing for the ICO accountability schemes – or any other aspect of ICO compliance – our expert team is here to help. We can also review a draft of your scheme before it is submitted. Contact us today on 0207 436 0630 or email info@thistleinitiatives.co.uk.