General Data Protection Regulation [GDPR] Compliance

Certification of General Data Protection Regulation [GDPR], by SWISS APPROVAL INTERNATIONAL

The General Data Protection Regulation came into effect on 25 May 2018 and provides a modernised, accountability-based compliance framework for data protection in European Union countries.

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a Regulation by which the European authorities intend to strengthen and unify data protection for all individuals within the European Union market. It also addresses the export of personal data outside the EU. The GDPR aims primarily to give citizens and residents back control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

The figure of the Data Protection Officer [DPO] will be at the heart of this new legal framework for many organisations, facilitating compliance with the provisions of the GDPR.

Under the GDPR, it is mandatory for certain controllers and processors to designate a DPO. This will be the case for all Public Authorities and Bodies (irrespective of what data they process), and for other organisations that – as a core activity – monitor individuals systematically and on a large scale, or that process special categories of personal data on a large scale.

Even when the GDPR does not specifically require the appointment of a DPO, organisations may sometimes find it useful to designate a DPO on a voluntary basis. The Article 29 Data Protection Working Party encourages these voluntary efforts.

The concept of the DPO is not new. Although Directive 95/46/EC did not require any organisation to appoint a DPO, the practice of appointing a DPO has nevertheless developed in several Member States over the years. DPOs act as intermediaries between relevant stakeholders (e.g. supervisory authorities, data subjects, and business units within an organisation).

DPOs are not personally responsible in case of non-compliance with the GDPR. The GDPR makes it clear that it is the controller or the processor who is required to ensure and to be able to demonstrate that the processing is performed in accordance with its provisions (Article 24). Data protection compliance is a responsibility of the controller or the processor.

Swiss Approval International certifies the compliance of companies and organizations with the General Data Protection Regulation requirements through assessment and audit, based on a specific GDPR Swiss Approval compliance checklist.

The Swiss Approval GDPR Compliance Certificate is based on ISO 27001 accreditation, as there is no other related standard yet.