Certification mechanisms will enable organisations to demonstrate compliance to other organisations through the use of data protection seals or marks. They might also demonstrate the existence of appropriate safeguards for practices required under data protection regulation, such as international data transfers. Certification mechanisms must remain voluntary and, by their nature, will be a measure based upon the time of certification, limited to a maximum period of three years. The certification can be withdrawn if the terms are no longer being met.
Certifications for International Data Transfer
Transferring data internationally requires either the receiving country to be deemed adequate or appropriate safeguards to be in place. Certification mechanisms are one such set of safeguards.
At the time of writing, few approved certification mechanisms exist, so there is limited opportunity to apply this safeguard. One such mechanism that has been approved by the ICO is LOCS:23, which relates to the Legal Profession. The ICO provides further information here: https://ico.org.uk/for-organisations/advice-and-services/certification-schemes/
How can ProvePrivacy Help?
ProvePrivacy allows RoPA users to add all contracts as part of the Data Sharing Assessment. All of the above clauses are noted within this assessment, and if any are identified as absent, a risk will be added to the risk log.