On Thursday 19 August 2021, the ICO approved the first certification scheme criteria under Article 42(5) of the UK General Data Protection Regulation ("UK GDPR"). 

The ICO approved three schemes: 

  1. a standard for ICT asset recovery certification, relating to the handling of personal data when IT equipment is re-used or destroyed; 
  2. age assurance / age checks certification; and 
  3. children's online privacy (age appropriate design of information society services) certification, based on the ICO's Age Appropriate Design Code. 

The ICO has now approved these scheme criteria, and the accredited certification bodies can deliver those certification schemes. 

This is an interesting development, in particular for organisations that will be impacted by the ICO's Age Appropriate Design Code. As a reminder, compliance with the Age Appropriate Design Code is expected from 2 September 2021. 

If you would like to read more about the Age Appropriate Design Code and its practical implications, please see our summary here