ADISA ICT Asset Recovery Standard 8.0

UK GDPR Approval number – CSC/003 and CSC/004

What does it mean?

In August 2022, ADISA concluded a three year process to achieve UK GDPR Certification Scheme status for ADISA Standard 8.0 (UK). ADISA Standard (EU) was submitted to the Irish Data Commission soon afterwards and with very few differences we hope that evaluation process to proceed with a similar outcome.

In short this means that the regulator has confirmed one way for organisations to confirm they are compliant with the law. By using a certified company organisations who release assets can be assured of compliance with the law not because their supplier tells them, not because ADISA does, but because the data regulatory themselves verifies compliance through certification.


GDPR Certification Schemes.

Article 42 of GDPR - Certification

There is a requirement for each Local Supervisory Authority, which in the UK is the Information Commissioner's Office, to establish data protection certification mechanisms to demonstrate compliance to processing operations by controllers and processors.

Article 43 of GDPR - Certification Bodies

Compliance to this is achieved by accreditation by the national accreditation body, which in the UK is the UK Accreditation Service (UKAS), against ISO 17065 plus additional requirements as determined by the local supervisory authority in question.