GDPR and the Accountability Principle

Accountability is one of the seven principles of the GDPR. The accountability principle requires data controllers to be able to demonstrate that they are GDPR compliant. Adhering to the accountability principle requires appropriate technical and organisational measures, regular data privacy assessments, and appropriate record keeping.

In short, controllers and processors must take responsibility for how they process personal data and comply with other principles.

What the accountability principle means

Article 5(2) of the GDPR states, “The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’).”

So, we can break accountability down into two parts:

  • Responsibility for compliance: Being proactive and systematic about personal data protection.
  • Demonstrating compliance: Showing proof of and justification for steps your organisation has taken to be GDPR compliant.

The accountability principle also appears in Article 24, which requires controllers to “implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation.”

In short, if you’re processing personal data, you are responsible and accountable for protecting that data.

How to demonstrate accountability

How an organisation should show accountability depends on several factors, including the:

GDPR does not specify what steps an organisation should take to show accountability. However, some steps might include:

Accountability by design and by default?

The ICO recommends that organisations adopt a data protection by design and by default approach, because this approach naturally leads to accountability and compliance. Data protection by design and by default simply means that data privacy is considered, and appropriate policies are implemented, at every step of the data processing journey, from collection to eventual deletion.

The GDPR (Article 25 and Recital 78) suggests several measures an organisation can take to ensure data protection by design and by default. These include:

  • Minimising data collection
  • Pseudonymisation
  • Transparency
  • Improving security features

How Formiti helps you stay accountable

Formiti offers a full suite of data regulation services to help you stay compliant and accountable in every market your organisation operates in. Our services include:

Author: Formiti Data Privacy Consultancy Blog
