The GDPR accountability principle is one of the data protection principles. It makes you responsible for complying with the UK GDPR, and the regulation states that you must be able to demonstrate that compliance. It is sometimes known as the seventh principle.
To meet the requirements of accountability, you are required to put in place appropriate technical and organisational measures, and to keep records that show those measures exist and are followed.
Measures to take (some are mandatory in every case, others only in the circumstances noted)
- adopting and implementing data protection policies
- taking a ‘data protection by design and default’ approach
- putting written contracts in place with organisations that process personal data on your behalf. These are commonly known as Data Processing Agreements.
- maintaining documentation of your processing activities
- implementing appropriate security measures
- recording and, where necessary, reporting personal data breaches
- carrying out data protection impact assessments for uses of personal data. This is required if the processing is likely to result in a high risk to individuals’ rights and freedoms
- appointing a data protection officer. This is required for public authorities and for organisations whose core activities involve large-scale regular and systematic monitoring of individuals, or large-scale processing of special category or criminal offence data; other organisations may appoint one voluntarily
- adhering to relevant codes of conduct, where one exists for your sector
- signing up to certification schemes, where one applies to your processing
The accountability obligations are ongoing, so you must review and, where necessary, update the measures you have put in place. These should be reviewed at least annually with a GDPR audit.
Implementing a privacy management framework can help you embed your accountability measures and create a culture of privacy across your organisation. A good example of this is ISO 27701, the privacy information management extension to ISO 27001.
Being accountable helps you build trust with individuals and, if something does go wrong, being able to show what measures you had in place may help you mitigate enforcement action.
If you want to know more about GDPR accountability, call us on 03333 22 1011 or contact us here.
You are legally required to be accountable. As a first step, take our test and get in touch today.
If you are still unsure, take a look at our checklist here.