TECH BUYER Mar 2020 - IDC Perspective - Doc # EUR145781120
Operationalizing GDPR Accountability Through Certification and Codes of Conduct Schemes
This IDC Perspective explores the current state of play with GDPR certification schemes and codes of conduct, and seeks to establish how adherence to recognized technical and management standards may offer an alternative accountability mechanism. The GDPR's accountability principle requires that organizations have the appropriate measures and records in place to demonstrate compliance. Increasingly, this means organizations must be able to prove how and why they have set up processes, procedures, and policies to comply with the regulation.
"Accredited certifications and codes of conduct are set to become critical assurance components for demonstrating GDPR compliance," said Ralf Helkenberg, research manager, IDC's European Privacy and Data Security Research domain. "Adherence to relevant schemes can provide a credible way for organizations to show their commitment to complying with data protection regulation, and ultimately, building public trust and confidence in their organizations."