Having been involved in numerous GDPR planning projects we came across a number of recurring challenges for businesses trying to achieve compliance.

 

One of these was the requirement to only engage with service providers who are themselves compliant.

 

The GDPR Article 42 discusses the establishment of data protection certification mechanisms and of data protection seals and marks to assist businesses with both obtaining and maintaining compliance.

 

This however is not currently available, nor is there any known timeline for its creation.

 

In the absence of a formal accreditation, people need the confidence that the businesses they are trusting their sensitive personal data with are processing that data in a fair, legal and responsible way.

 

Those businesses that use the GDPRReady Audit to verify and promote best practice will not only go along way to generating customer confidence but will also be ready for accreditation when it exists.