- Determine the organizational measures best suited to your organization and the documents required
- Centralize all information and documents relating to personal data protection: a record of processing activities, a record of data subject requests, etc.
- Centralize documents that impact data protection: terms & conditions of an IT host, service contract with the HRIS, etc.
- Demonstrate your compliance to customers and data protection authorities by easily exporting all accountability documents in a single file
- Map your data processing
- Determine the purposes of the processing activities
- Inform your employees
- Retain personal data for the appropriate period
- Choose a legal basis, e.g., consent
Accountability is one of the key new ideas introduced by the GDPR and one of its core principles. It can be summed up as follows: an organization that processes personal data must be able to demonstrate, at the first request of the authorities, that it complies with GDPR requirements.
That represents a significant challenge for organizations. Above and beyond strict compliance with the law, it means proving to customers, service providers, and prospects that the organization is reliable and observes the full range of principles relating to personal data protection and individual rights and freedoms (protection of individual rights, prevention and management of data breaches, data security, personal data processing, etc.).
To comply with the accountability principle, an organization must develop, document, and implement processes covering the main GDPR topics, such as the record of processing activities, impact assessments, and management of data subject requests and data breaches.
The DPO is not the only person subject to this principle. It extends to all partners, subcontractors, employees, data controllers, and others who work with the organization.