RULES 

FOR THE ISSUANCE OF CERTIFICATES

 

PDP GROUP

Personal Data Protection

 

PDP Certificates Rules

 

Everybody has the right to have his/her personal data protected and the processing of personal data can be carried out in the public interest, the interest of the data subject, or the interest of any third party.

 

§ 1

1. "Rules for the issuance of certificates" ("Rules") sets out the rules for the issuance of certificates which confirm fulfillment by the certificated entity of the personal data protection law requirements, and of the duties of certificate chapter members.
2. The goal of the Rules is the standardisation of procedures for the issuance of the certificates.
3. All those who participate in the process of issuing the certificates, i.e. certificate chapter members, employees and colleagues of the PDP Group office are obligated to use the Rules.

§ 2

For the purposes of these Rules:
1. Personal data protection law – means all acts and regulations which are obligatory in European Union territory and especially in the certificated entity's country.
2. Personal data – means any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, unique identifier or via one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social, or gender identity of that person.
3. Certificate – means the quality mark which is being issued by the PDP Group for certificated entities.
4. Audit – means an investigation carried out with the aim of establishing whether the entity seeking certification meets all data protection requirements.
5. PDP Group – means the Personal Data Protection Group, the opinion-creating and advisory body, which includes experienced persons with expert knowledge in the personal data protection field and persons who are interested in the active promotion of lawful personal data processing and the introduction of good practices in this area.
6. Certificate chapter members – means personal data protection experts who belong to the PDP Group and also persons who have appropriate authority, and are appointed to assess and confirm the high personal data protection level of the certificated entity.
7. Certificated entity – the entity (a firm, institution), which the PDP Certificate is being issued to.
8. Auditing entity – the entity which performs or supervises the audit processes which assess the personal data protection level in the certificated entity.

§ 3

The certificated entity can apply for the following certificates:
- “Business Certificate”, which confirms the compliance of personal data processing with legal requirements in all aspects and fields
- “Data Certificate”, which confirms the compliance of personal data processing with legal requirements in the certificated database/data filing system
- “Project Certificate”, which confirms the compliance of personal data processing with legal requirements regarding projects/IT systems/training programmes, etc.

§ 4

The certificate is issued after conducting an audit which confirms that the entity applying for certification processes personal data in accordance with the regulations regarding personal data protection, in the area necessary for receiving a certificate.

§ 5

1. The auditing entity for the certificates which are issued by the PDP Group is ABI Consult.
2. Detailed rules for the audit process, including the auditors' obligations and auditing entity, are indicated in the audit agreement signed between the certificated entity and the auditing entity.

§ 6

1. After the audit the auditors shall prepare a detailed report.
2. The report may be positive or negative.
3. A positive report is prepared if the audit findings show that the certificated entity processes the personal data in the certificated fields in accordance with personal data protection requirements.
4. A negative report is prepared if the audit findings show that the certificated entity processes the personal data in the certificated fields not in accordance with personal data protection requirements.
5. A positive report contains the following information:
    - the names and surnames of the auditors
    - the name and the address of the auditing entity
    - the type of issued certificate
    - the audit dates
    - the audit scope and detailed findings
    - a summation of the audit results which confirms that the certificated entity processes personal data according to personal data protection requirements and meets all conditions necessary to issue the certificate or to extend its validity.
6. A negative report contains the following information:
    - the names and surnames of the auditors
    - the name and the address of the auditing entity
    - the type of issued certificate
    - the audit dates
    - the audit area and detailed findings
    - a summation of the audit results which confirms that the certificated entity processes personal data not according to personal data protection requirements and does not fulfill all conditions necessary to issue the certificate or to extend its validity
    - an indication of all violated acts regarding personal data protection requirements and a statement of the reasons.
7. The report is prepared in two specimens, one for the certificated entity and one for the PDP Group office.

§ 7

1. Within 7 days of delivery of a positive report to the certificated entity, the PDP Group office shall start activities necessary to receive the decisions and signatures of the members of the chapter.
2. The certificate shall be signed by at least 3 chapter members.
3. Before the signing of the certificate a member of the chapter is obligated to acquaint themselves with the summation of the audit results which is part of a positive report.
4. The means of delivery of the certificate is always established individually with the certificated entity.

§ 8

1. An entity applying for a certificate, in which the audit ended with a negative report, after removing the deficiencies in the processing of personal data indicated in the report, may re-apply for a certificate.
2. In the event of re-applying for a certificate, regulations indicated in §4 - §7 of these rules shall apply.

§ 9

1. The certificate shall be valid for 3 years from the date of issuance.
2. A verification audit which confirms compliance with certification requirements shall be carried out once a year.
3. Any extension of the validity of a certificate shall occur 3 years from the date of issue of the certificate and after a positive re-certification audit.
4. Any verification and re-certification audit shall take place in accordance with regulations indicated in §4 - §7 of the rules.

§ 10

Regarding issuance of certificates, chapter members are obligated to:
- acquaint themselves with the summation of the positive audit results
- sign the certificates
- work with the PDP Group office
- destroy/remove or return to the PDP Group office the summation of the audit results which is part of a positive report, after the certificate has been signed
- keep confidential all the circumstances and information which they learned as a member of the Chapter in connection with the issuance of PDP Group certificates.

§ 11

1. The PDP Group office keeps an electronic registry of issued certificates.
2. The register shall include: the issuance date of the certificate, the date of the validity of the certificate, the type of the issued certificate, and the name of the certificated entity.
3. Issued certificates are not confidential and their issuance and period are subject to identification in an online form after inputting the certificate number or National Business Registry Number of a certificated entity.

§ 12

1. The running of the PDP Group Office is provided by ABI Consult.
2. The staff of ABI Consult who run the PDP Group Office are obligated to ensure appropriate conditions of storage for all documentation created during the issuance of certificates and in particular to protect against unauthorized access.

§ 13

ABI Consult has oversight over the proper execution of the provisions of the Rules.

§ 14

The Rules become effective from 11.02.2013.

 

ABI CONSULT GROUP

Informal Expert Group

 
