What is an ICO-approved Certification?

An ICO-approved Certification is a way for organisations to demonstrate their compliance with the UK GDPR (General Data Protection Regulation). The Information Commissioner’s Office (ICO) approves certification schemes that help businesses, individuals, and regulators ensure data protection in a practical way

What is the difference between a data processor and a data controller?

The data controller is the company that holds the customer data. This means taht they bear the main responsibility for ensuring that data processing complies with data protection laws. Examples of this would be law firms, barristers and in-house councils.

The data processor processes data on behalf of the data controller. They do not decide the purpose or means of processing. Examples of this could be an IT service provider managing a law firm’s database,  software providers (document management), solution providers (translation services) and consultants (implementers).