Data Protection Systems
assurance, certification, services, solutions and training

Governance, management and controls for AI and data protection regulatory compliance.

Contact us
Our Mission.

Helping enterprises to demonstrate compliance.

Under Articles 42 and 43 of the GDPR, certification refers to third-party attestation related to processing operations by controllers and processors. Our organization creates certification criteria to evaluate conformity for approval by European supervisory authorities. These criteria are used to assess independently whether an enterprise’s object of certification meets the specified requirements of the GDPR. Enterprises can avail themselves of training and self-audit assistance to gain a better understanding of the certification criteria, implementation requirements, and the evidence necessary to demonstrate conformity.

Contact Us
Our Services.

Governance, Management, Control.

Artificial Intelligence

AI is a transformative technology with applications in office productivity, manufacturing, transportation, medicine, and many other areas. Good governance, management, and operational control can optimize the benefits for individuals, businesses, governments, communities, and society.

Data Protection

The processing of personal data significantly increases the obligations and responsibilities of enterprises in how they collect, use, and dispose of personal data. Enterprises are required to be able to demonstrate accountability for their data processing activities and compliance with legal obligations.

Information and Technology

Achieve agreed-upon enterprise objectives for information and technology, through the evaluation of stakeholder needs, conditions, and expectations, prioritising and making decisions, optimising risk management, setting direction, and monitoring performance, compliance, and value creation.

Advisory Service.
Our Approach.

Advisory Service.

Approved certification criteria enable us to confidently advise on best practices for compliance with statutory and contractual obligations.

Contact us
Assurance Service.
Assurance.

Assurance Service.

As the owner of approved certification criteria, our assurance service has a reliable basis for assessing conformity and providing assurance that controllers and processors are capable of fulfilling their statutory and contractual obligations. Certification criteria are reviewed and approved by supervisory authorities and the EDPB to ensure the requirements for conformance will ensure a consist application of the applicable regulations.

Book a Consultation

Knowing about Governance, Management and Control is Good. Better still, get Certified!

Good Governance, Management and Control done Right
Assurance

Assurance

Online auditing of the governance. management and control practices for artificial intelligence systems, data protection obligations and the use of information and technology.

Services

Services

Artificial intelligence, data protection and data governance services.

Solutions

Solutions

Solutions to support the governance, management and control of artificial intelligence system, data protection obligations and the use of information and technology.

Education

Education

Online courses and virtual classroom training for the governance, management and control of artificial intelligence systems, data protection obligations, and information and technology.

Certification criteria for the purpose of demonstrating compliance with the GDPR

Details
Certification Criteria

The data protection landscape is complex and it continues to evolve. It presents many challenges to organisations by creating uncertainty on many levels about whether, how, and when to process personal data. The complex implementation of the General Data Protection Regulation (2016/679) is having a serious impact on organisations’ abilities to update and align their business practices to the ever-changing regulatory requirements.

Certification schemes developed in conjunction with the European supervisory authorities provide clarity. They are established for the purpose of demonstrating compliance with the GDPR of:

  • processing operations by controllers and processors subject to the GDPR
  • safeguards provided by controllers or processors, and sufficient guarantees by operators that are not subject to the GDPR within the framework of personal data transfers to third countries or international organisations.

Certification criteria reflect the precise requirements and principles concerning the protection of personal data and contribute to the consistent application of the GDPR. Assertions of conformity with the certification criteria require supporting documentation and evidence that can be used to demonstrate compliance. 

Certification criteria improve transparency for data subjects and in business-to-business relations, for example between controllers and processors, and ensure that the outcome of certification is meaningful, unambiguous, as reproducible as possible, and comparable. They allow data subjects to assess the level of data protection of relevant products and services. 

Besides being used by accredited certification bodies to conduct independent assessments of evidence of conformance, certification criteria provide precise requirements for:

  • training courses
  • implementation guidance
  • assurance services.

Certification criteria developed in conjunction with the supervisory authorities provide precise requirements for:

  • certification of conformance
  • training course content
  • implementation guidance
  • assurance services.

Criteria are developed in accordance with a rigorous review and approval process. All certification schemes have a clearly defined scope and indicate what is not included. They are designed to be applied to any kind of processing in a consistent and reliable manner. It is important that a clear understanding of what processing of personal data is covered and how the GDPR obligations will be undertaken and delivered.