GDPR Certified! Fraudulent claims of GDPR certification on the rise.

As the Data Protection Commissioner of Ireland has not currently stated what the criteria for Certification and Accreditation are any Company or Individual claiming to be GDPR certified are making Fraudulent Claims. There is currently no certifications available for the GDPR or accredited certification bodies.

 

Would you hire a self-proclaimed fraud to guide your business?

Would you knowingly hire a Fraud to guide your business? Not only the online courses but the Talks being given around the country by people that claim to be Certified should be taken with a grain of salt. GDPR is not an IT or Legal problem, it is a business problem and should be treated as such.

While they may have valid knowledge and be of help the fact that they claim False Credentials really should be taken into account.

Government bodies in particular, should pay attention and not set up series of Talks around the Country by so-called experts, under various agencies.

 

Who is responsible for GDPR Certification?

The Supervisory Authority of each country is responsible for the

“… the establishment of data protection certification mechanisms and of data protection seals and marks, for the purpose of demonstrating compliance with this Regulation of processing operations by controllers and processors.” – GDPR Final Text, 2nd Paragraph Article 42

 

“…accreditation of certification bodies as referred to in paragraphs 1 and 2 of this Article [which] shall take place on the basis of criteria approved by the supervisory authority…” – GDPR Final Text, 3rd Paragraph Article 43

 

CEO’s are ultimately responsible for GDPR compliance.

The first step to implementing GDPR should be reading and understanding it, not looking for a quick solution as one does not exist. Here at SHH systems we don’t claim to make you GDPR compliant we offer you a process that helps you log and manage requirements and understand the required documentation under the GDPR,  however it is up to the individual business to put in the time in both understanding and documenting their requirements.

The responsibility for GDPR implementation is not something that a CEO can hand off and walk away from, under the GDPR they are explicitly responsible for the implementation of the GDPR within their own organization. Therefore if the CEO hires a consultant and they get it wrong then the CEO is ultimately responsible they can not shift the blame to an external or internal party.

Useful Links

Home

https://dataprotection.ie

https://www.eugdpr.org/

GDPR Full Text English

http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&qid=1490179745294&from=en