In the European Union you have the GDPR (General Data Protection Regulation), which will be enforced from May 25th, 2018 for all member states (that includes the United Kingdom).
Until now there has been a general framework that each member state would implement locally, but that has led to different interpretations. This regulation will set the same terms for everyone (which is very much welcome).
GDPR is not voluntary; it is mandatory for any business and institution that operates in the EU. There is no official agency that would certify that a business is GDPR-compliant (I think this is even unfeasible, as that would constrain how a business operates because an audit would be required for any minimal change in the business). But there are plenty of companies offering their services to help you become GDPR-compliant. Whether a business wants to advertise such compliance to its customers, and whether the customers trust that, is up to either party.
As for your example of a website and app that does not store PII: if you have a website, you are already processing PII (the IP address, for example), so you should not state so easily that you are not processing PII, because it is likely that you are in most cases (at least according to the GDPR, or, if you prefer, in the EU).
For the US I cannot answer, as I do not know the applicable legislation in detail; hopefully someone else can shed some light on it.