Fourth UK GDPR certification scheme covering work credentials approved
In the UK, the Information Commissioner has approved the latest round of UK GDPR certification scheme criteria, this time addressing Training and Qualifications Services, for compliance to the General Data Protection Regulation (GDPR).
In a release, the Information Commissioner’s Office (ICO) said the scheme will allow training and qualification service providers to “enable their candidates to make informed choices when applying for training programmes, having confidence that their personal data will be processed in accordance with UK GDPR.”
The scheme targeting work credentials follows three prior UK GDPR Certification Scheme approvals, which addressed secure disposal of IT assets, age verification, and online privacy for children, in line with the Digital Identity and Attributes Trust Framework (DIATF).
“In an era where trust and accountability are paramount, these schemes are a way of reassuring your customers, clients and suppliers that you hold additional expertise in a given area, are committed to building data privacy into your work and adhere to strong standards,” says Emily Keany, deputy commissioner for the ICO.
“Not only do they offer certainty to businesses to get things right, but they also provide a binding framework for organisations to sign up to, ensuring they raise the bar when it comes to data protection. The newest of these four schemes in particular additionally shows that organisations value their candidates’ personal information and have taken additional steps to protect it.”
The ICO has published an opinion on the use of live facial recognition technology by law enforcement in public places. But the current version of the UK GDPR available on its website states that it is “planning to produce more detailed ICO guidance on processing biometric data.”
Similar discussions on how to regulate and protect biometric data are taking place in Europe, where the European Association for Biometrics (EAB) recently ran a compliance workshop on the EU’s GDPR.
Last year, Michelle Donelan, then Secretary of State for Digital, Culture, Media, and Sport for the short-lived Liz Truss government, made a show of consciously uncoupling from the EU’s GDPR, saying the UK would replace it “with our own business and consumer-friendly British data protection system.”
This post was updated at 10:16am Eastern on March 8, 2023 to clarify that the certification scheme criteria is set by UK GDPR.