Speaking at the Infosecurity Europe conference, U.K. Information Commissioner’s Office Head of Technology Policy Nigel Houlden said his agency is looking into figuring out self-certification for the EU General Data Protection Regulation, BankInfoSecurity reports. Houlden said the ICO might eventually work out a list of GDPR requirements organizations can follow to display their compliance efforts, which can be useful if they were to suffer a data breach. “If anyone tries to tell you they're GDPR-certified — they're lying," Houlden said. "There is no such thing as GDPR certification; there is only compliance that you can work toward." Editor's Note: IAPP Content Director Sam Pfeifle wrote about how GDPR certification is coming into focus following guidance from the European Data Protection Board in this piece for The Privacy Advisor.
If you want to comment on this post, you need to login.