Article 42 of the GDPR encourages the creation of certification schemes based on the new privacy framework:
The Member States, the supervisory authorities, the Board and the Commission shall encourage, in particular at Union level, the establishment of data protection certification mechanisms and of data protection seals and marks, for the purpose of demonstrating compliance with this Regulation of processing operations by controllers and processors.
Data protection certification is voluntary and does not reduce the responsibility of the controller or the processor for compliance with the Regulation. Nevertheless, it can be a good route towards compliance and can help an organization demonstrate that it has correctly applied the data protection principles.
On 31 March the British Standards Institution (BSI) published the updated BS 10012. This new version supersedes the 2009 edition (which will be withdrawn on 25 May 2018) and aligns the standard with the GDPR.
The main objective of the standard is to enable organizations to put in place, as part of their overall information governance infrastructure, a Personal Information Management System (PIMS) that provides a framework for maintaining and improving compliance with data protection requirements and good practice.
The new standard follows the ISO Annex SL high-level structure published in 2012. It defines the requirements for implementing a Personal Information Management System compliant with the GDPR, and because it shares the Annex SL structure an organization can implement it as part of an integrated management system together with other standards (first of all ISO/IEC 27001:2013 and ISO 9001:2015). BS 10012:2017 “Specification for a personal information management system” is a specification standard, so an organization can be certified against it.