PART 2General processing
CHAPTER 2F1 The UK GDPR
F2Certification
S. 17 cross-heading substituted (31.12.2020) by The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (S.I. 2019/419), reg. 1(2), Sch. 2 para. 21 (with reg. 5); 2020 c. 1, Sch. 5 para. 1(1)
17Accreditation of certification providers
1
Accreditation of a person as a certification provider is only valid when carried out by—
a
the Commissioner, or
b
the F3UK national accreditation body.
2
The Commissioner may only accredit a person as a certification provider where the Commissioner—
a
has published a statement that the Commissioner will carry out such accreditation, and
b
has not published a notice withdrawing that statement.
3
The F4UK national accreditation body may only accredit a person as a certification provider where the Commissioner—
a
has published a statement that the body may carry out such accreditation, and
b
has not published a notice withdrawing that statement.
4
The publication of a notice under subsection (2)(b) or (3)(b) does not affect the validity of any accreditation carried out before its publication.
5
Schedule 5 makes provision about reviews of, and appeals from, a decision relating to accreditation of a person as a certification provider.
6
7
8
In this section—
“certification provider” means a person who issues certification for the purposes of Article 42 of the F9UK GDPR;
“the F10UK national accreditation body” means the F10UK national accreditation body for the purposes of Article 4(1) of Regulation (EC) No 765/2008 of the European Parliament and of the Council of 9 July 2008 setting out the requirements for accreditation and market surveillance relating to the marketing of products and repealing Regulation (EEC) No 339/93.
Pt. 2 Ch. 2 heading substituted (31.12.2020) by The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (S.I. 2019/419), reg. 1(2), Sch. 2 para. 7 (with reg. 5); 2020 c. 1, Sch. 5 para. 1(1)