Data Protection Act 2018

Accreditation of certification providers

17 Accreditation of certification providers

(1) Accreditation of a person as a certification provider is only valid when carried out by—

(a) the Commissioner, or

(b) the national accreditation body.

(2) The Commissioner may only accredit a person as a certification provider where the Commissioner—

(a) has published a statement that the Commissioner will carry out such accreditation, and

(b) has not published a notice withdrawing that statement.

(3) The national accreditation body may only accredit a person as a certification provider where the Commissioner—

(a) has published a statement that the body may carry out such accreditation, and

(b) has not published a notice withdrawing that statement.

(4) The publication of a notice under subsection (2)(b) or (3)(b) does not affect the validity of any accreditation carried out before its publication.

(5) Schedule 5 makes provision about reviews of, and appeals from, a decision relating to accreditation of a person as a certification provider.

(6) The national accreditation body may charge a reasonable fee in connection with, or incidental to, the carrying out of the body’s functions under this section, Schedule 5 and Article 43 of the GDPR.

(7) The national accreditation body must provide the Secretary of State with such information relating to its functions under this section, Schedule 5 and Article 43 of the GDPR as the Secretary of State may reasonably require.

(8) In this section—

  • “certification provider” means a person who issues certification for the purposes of Article 42 of the GDPR;

  • “the national accreditation body” means the national accreditation body for the purposes of Article 4(1) of Regulation (EC) No 765/2008 of the European Parliament and of the Council of 9 July 2008 setting out the requirements for accreditation and market surveillance relating to the marketing of products and repealing Regulation (EEC) No 339/93.