ENAC New Fields of Accreditation for Certification of DPO and Public Sector Websites and Applications

First Organization Accredited in Spain for Data Protection Officer Certification


ENAC, the Spanish national accreditation body, has granted IVAC-Institute of Certification the first accreditation for data protection officer certification under the Spanish Data Protection Agency's (AEPD’s) scheme conforming with the requirements of the ISO/IEC 17024 standard applicable to certification of persons.


IVAC-Institute of Certification has become the first body to pass ENAC's inspection process and consequently is the only one that can issue accredited data protection delegate (DPD) certificates, showing both the mark of ENAC and the scheme's owner. ENAC is also in the process of inspecting other bodies that have the AEPD's provisional designation and which enables them to hold exams for a year.


With all this, the certification body values ENAC's accreditation as a way to be differentiated in the market: “For IVAC, ENAC's accreditation is the best way to compare ourselves to the big brands, as it is the recognition that the certification body issues reliable certificates in accordance with internationally recognized standards and, therefore, they will be valued and recognized in many countries on the basis of international agreements signed by accreditation bodies”, concluded Miguel Ángel Vila, manager of IVAC.


The Spanish Royal Decree to Improve Public Sector Website and App Accessibility Recognizes Accredited Certification


The newly published Spanish Royal Decree 1112 / 2018 aims to ensure that public sector organisations' (and other connected organisations’) web sites and mobile device applications have the required accessibility; that the required compliance reviews are carried out with the accessibility requirements in the design, construction, maintenance and update phases; and that these reviews are carried out by a certification body accredited by ENAC: "The obliged bodies may certify compliance with the requirements of this Royal Decree in their web sites and mobile device applications by a certification body whose technical competence has been formally recognized by the National Accreditation Body (ENAC) or by another national body according to Regulation (EC) No. 765/2008 of the European Parliament and Council 9th July 2008, which lays down accreditation requirements and market security related to marketing products".


This new Royal Decree's goal is to ensure equality and non-discrimination of people's access, in particular people with disabilities and older people; to provide more guarantees and to recognize the value of accredited services as a system to control accessibility requirements. These bodies are the only ones to have proven their technical competence to ENAC: an independent body and declared public utility.


By opting for accredited certification bodies and demanding certificates that include the ENAC mark, the public administration and companies can rely on these institutions having the necessary independence and technical expertise to offer the service, as they have a technically competent staff and an audit team who understand the critical products and processes of the organizations they serve, their specifications and the technological environment in which their activity is carried out.