GDPR Certification

On occasion, we are asked whether Esferico can provide a GDPR Certificate for our products.

What is GDPR Certification?

GDPR Certification was a process which the ICO started to implement some time ago, but with a very slow rate of progress. It is the aim of GDPR and UK GDPR bodies to promote the certification system.

As of March 2020, ICO finally implemented a GDPR Certification system in which companies and organisations can provide documentation to a 'scheme' which matches the use of data in a product or the organisation in general and have it assessed.

Some of the reasons for becoming 'certified' rely on the possibility of 'commercial advantage' (i.e. as an organisation we should become certified, while our competitors are not), and to show compliance with GDPR principles.

Are we part of the scheme?

No. Esferico chose not to be part of the GDPR Certification scheme at this time.

This does not however, in any way reduce our statutory compliance with the GDPR and other UK Data protection Legislation.

Why are we not part of the scheme?

The most important reason that we are not part of the certification process is simply that there is no scheme that covers Pergamon, Mystic or any other product produced by Esferico ltd.

As stated in the ICO documentation:

Applying for certification is voluntary. However, if there is an approved certification scheme that covers your processing activity, you may wish to consider having your processing activities certified as it can help you demonstrate compliance to the regulator, the public and in your business to business relationships.

(emphasis added)

As it currently stands however, we additionally feel that the GDPR Certification process provides neither an advantage to ourselves, nor to our clients. All GDPR compliance is available via other documentation, and simply represents a cost to a private company (not the ICO) which must be passed on by those who voluntarily certify against a 3rd part framework (again, not created by the ICO).

Further information about certification:

  • The GDPR Certification scheme is totally voluntary, and is not part of the required GDPR or Data Protection legislation responsibilities of data processors.
  • The certification process is administered by 3rd party companies who approach the ICO with a framework (which they own) of an assessment against which companies can be assessed (for a fee). They are then able to provide consultancy services and even software products for the assessment of your organisation against the framework. While these schemes are 'authorised' by the ICO, they are not official assessments - they effectively equate to an individual receiving a certificate from a private training session (as long of course, as the organisation passes).
  • At this time, there is no official auditing system in place to confirm compliance with the GDPR.
  • While the ICO can (and do) audit companies retrospectively for adherence to the GDPR (e.g. after a breach), this is a totally separate and official aspect of the ICO - the documentation that needs to be provided for an audit is essentially the same as that for a certification.
  • A list of authorised schemes was finally made available from April 2021 (see ICO Certification Schemes) and is therefore still very much in its infancy. At of the time of writing, only three such official schemes are listed as being approved by the ICO, and none of which are applicable to the products provided by Esferico ltd.
  • Certification is an expensive process, and must be balanced against the information that is recorded within any individual product. Such costs would therefore also need to be passed on to clients. Esferico applications store a very small number of fields which are categorised as protected data (most is not personal in nature, and most is deemed as being in the public domain) and most is not useful for identification. Wider protected characteristics, addresses and contact information are typically not stored within these systems. 

 

Further information on the certification system can be found at the ICO Certification web page.

Last edited: May 2021.

 

GDPR and General Data Handling Information

This section of the website contains a number of documents which relate to the GDPR (from both before and after the UK left the EU) and general data handling topics.

Key Staff

Craig Robinson PgDip BSc (Hons.) PGCE CITP MBCS MSET

Craig Robinson's first experience in software development within the professional world was in the development of security systems for what is now the Ministry of Justice. After leaving central government, Craig formed several software development companies some of which created products for the library and information management industries and which became some of the top products in their market places.

In 2004, Craig returned to education as both a student and educator as a break from a hectic software development period and it is during this time that plans were made for what would become the Pergamon range of products. Over a very short period of time, Craig reinforced industry experience with graduate and post-graduate degrees in both Computing and Design.

Today, as well as being a Chartered IT Professional (software developer) and a member of the ELITE industry steering group of the Chartered Institure of IT, and the founder and principle software developer at Esferico ltd., he is also a qualified teacher. While having taught KS2 and 3 (he is currently converting his qualification to a full QTLS via SET), FE and still teaches Film Making to Primary school pupils at a local school in Medway, his principle teaching role is in Computing and Software Development for University of Kent courses delivered at a new specialist HE facility at the local college, and most recently, Craig has developed a Data Science Apprenticeship for a local University.

Craig's specialities are in Software Development, Systems Analysis and Design using Agile techniques, Database Design and Development, the construction and management of Intranet servers and hosting, and in IT Management, Law and Ethics.

In his spare time (he has any?), Craig is an enthusiastic film maker. While principally in the non-commercial world, he is currently going through yet another level 6/7 post-graduate degree with Raindance / Staffordshire University and regularly submits to film festivals. Recently, he has also started to pass on his knowledge at Primary school film making classes and through the Pauline Quirke Academy in Dartford to pupils ranging from 6 to 18.

Naturally, with this background and range of roles, Craig always holds an Enhanced DBS Certificate, validated by both Medway and Kent Councils.

 


 

Veronica Plerigo Troncoso

Veronica is a native of Galicia is North-West Spain, a very different Spain than that which most people think of. On the Atlantic coast, it is a warm and green region but with freezing waters, and the home of a strong Celtic background and bag-pipe playing which is more akin to Ireland, Scotland and Northumberland than what is thought of by most British holiday makers.

Veronica holds the Spanish equivalent of the ACCA degree in Accounting and is therefore, quite logically our finance officer. She is also however, a part-time database designer and analyst, as well as being responsible for our international sales in Europe, speaking Gallego, Spanish, French and English and with a good working knowledge of both Portuguese and Italian. Veronica has worked for large international building firms, internet providers and even the BBC in her finance roles.

In her spare time, Veronica is an active Girl Guides assistant leader as well as an officially licensed Child Chaperone - as such, like all of our staff, she has an Enhanced DBS Certificate validated by Medway and Kent Councils.

Esferico

Esferico Ltd. finally came together as a formal company in 2005 to carry on the work of software developers working in information management, but also other more specialised niches. Over the course of nearly 30 years, our developers had worked on products utilised by local and central government and the military, in education and education administration at all levels, major banks and building societies, law firms and major corporations such as medical and chemical companies.

It is also true to say that some of our products have been used from the very formation of those clients, through to their final closure - our Medic multi-media library management application for example, was used by the British Defence Film Library continually for 25 years before their closure in 2017.

Today, Esferico utilises the experience of developers who have been in the business for over 30 years, and who in some cases began their development career before they even started secondary school. The company generally uses Agile development methodology in cross-platform graphic environments, so that we can develop quickly and efficiently and for all of the major platforms simultaneously - we have a policy, especially in this age of changing preferences regarding what is on a desktop - that no-one should be in a position where they can not access our product range.

Pergamon Mu is part of a range of products under the Pergamon banner which sees our return to the mainstream library management world. Released formally in March 2017, it is the culmination of over a decade of planning and gradual development of the range. Already, the signs are strong that it is going to make a major impact in its market place.