- Governance, Risk Management and Compliance (GRC) objectives as the principal areas of the GDPR privacy principles, covering policies, procedures, controls and records.
- Beyond GRC, the AIC certification program covers the next three categories of GDPR implementation: the GDPR activity related to people, process and technology.
- Finally, the EUGDPR Institute AIC certification program assesses the compliance framework against the legislative, regulatory and contractual requirements that form the information security components of GDPR compliance.
Based on the certification report, the company will be able to improve its structured management of personal data, deal with the complexities of GDPR and meet its requirements on a multi-jurisdictional basis.
The EUGDPR Institute AIC certification, which is based on national and international standards, gives organisations assurance that it will enhance their credibility with customers and stakeholders and demonstrate compliance to regulators through a compliance report.
- The EUGDPR Institute AIC certification will demonstrate compliance with Article 25 (which governs data protection by design and by default).
- The EUGDPR Institute AIC certification will provide a “proper assessment” leading to the granting of certification, and likewise to its withdrawal in the event of non-compliance. Adherence to an approved certification mechanism can be a mitigating factor when GDPR fines are set (Article 83(2)(j)); note that this applies to certification mechanisms approved under Article 42.
The GDPR Institute certification mechanisms will provide controllers and processors with an efficient means of establishing and maintaining compliance. The certifications may also serve as a marketing tool, allowing data subjects to choose controllers that signal GDPR compliance, and a processor's certified status may play a significant role in facilitating cross-border data transfers (under Article 46(2)(f), an approved certification mechanism, together with binding and enforceable commitments by the recipient, can serve as an appropriate safeguard).
1 Accreditation under GDPR Article 43 requires the certification body to: (a) demonstrate its “independence and expertise in relation to the subject-matter of the certification to the satisfaction of the competent supervisory authority”; (b) undertake “to respect the criteria referred to in Article 42(5) and approved by the supervisory authority which is competent pursuant to Article 55 or 56 or by the Board pursuant to Article 63”; (c) establish “procedures for the issuing, periodic review and withdrawal of data protection certification, seals and marks”; (d) establish “procedures and structures to handle complaints about infringements of the certification or the manner in which the certification has been, or is being, implemented by the controller or processor, and to make those procedures and structures transparent to data subjects and the public”; and (e) demonstrate “to the satisfaction of the competent supervisory authority that [its] tasks and duties do not result in a conflict of interests”.