DPC GDPR Certification
Get Started with This SkillOverview
GDPR certification under Ireland DPC and Art. 42–43: DPC-approved criteria, INAB-accredited certification bodies, and documentation for certification readiness.
Getting Started
Add your source materials to the project workspace, then activate the DPC GDPR Certification skill. The agent will guide you through the process step by step.
Example conversation
You: We’re considering applying for a GDPR certification scheme recognised by the Irish DPC. We need a gap analysis against typical certification criteria and a short narrative for our board.
Agent: I’ll use the certification reference (DPC-approved criteria, INAB-accredited bodies). I’ll draft a gap table: each criterion area (e.g. lawfulness, security, rights, accountability), our current status, and evidence or actions needed. I won’t invent criteria—I’ll base it on the skill reference and note that you must confirm the exact scheme and criteria with the DPC/INAB. I can also draft a one-page executive summary for the board.
Output excerpt
Certification gap analysis (excerpt)
| Criterion area | Current status | Evidence / action |
|---|---|---|
| Lawfulness, fairness, transparency | Partial | Privacy notice updated; need to document legal basis per purpose. |
| Security (Art. 32) | In progress | Risk assessment done; encryption at rest/transit; retention and destruction procedure drafted. |
| Data subject rights | Partial | SAR procedure in place; portability and objection procedures to be formalised. |
| Accountability | Partial | ROPA and breach procedures exist; DPIA process to be documented. |
Confirm exact criteria with the DPC-approved scheme and INAB-accredited certification body.
Extension and validation
The skill includes a validate_certification_document tool that checks your certification readiness document (gap analysis or narrative):
- DPC / INAB reference: Ensures the document references the Data Protection Commission (DPC) and/or the Irish National Accreditation Board (INAB), which approve criteria and accredit certification bodies. Missing reference is reported as an error.
- Typical criteria areas: Checks for coverage of criteria commonly used in DPC-approved schemes: lawfulness, fairness and transparency; purpose limitation and data minimisation; accuracy, storage limitation and security; accountability and documentation; data subject rights and breach procedures. Missing areas are reported as warnings.
- Placeholders: Detects unfilled placeholders (e.g.
[ ... ],TBD,TODO) so you can complete the draft. - Scheme / certification body: Suggests confirming the exact DPC-approved scheme and INAB-accredited certification body on the DPC and INAB websites.
Run the tool on your draft and confirm current schemes with DPC/INAB before applying.