Saturday 8 June 2019

Are any GDPR certification schemes worth the money?

Let's be clear - you can't buy GDPR compliance off the shelf. Although it is a good idea to get some advice from a GDPR expert, none of the courses touted as making your company GDPR compliant will actually do so.

In short, no - certainly not if you're looking for a certificate demonstrating compliance. There are currently no bodies empowered to audit and certify GDPR compliance.

Those that claim to exist will say their certification is valid for GDPR, but in fact, they're often based on the National Cyber Security Centre's Cyber Secure standard (UK). That means organisations that undertake their courses may still be found non-compliant.

The more any organisation does to comply the better. Obtaining any form of external certification implies that [an] external organisation is going to check where the target organisation is not doing enough, thus enabling the target organisation to become more compliant.