- Determine the organisational measures best suited to your organisation, and the documents required
- Centralise all information and documents relating to personal data protection: record of processing activities, record of data subject requests, etc.
- Centralise documents that impact data protection: terms & conditions of an IT host, service contract with the HRIS, etc.
- Demonstrate your compliance to customers and data protection authorities by easily exporting all accountability documents in a single file
- Map your data processing
- Determine the purposes of the processing activities
- Inform your employees
- Retain personal data for the appropriate time span
- Choose a legal basis, e.g. consent
Accountability is one of the key new ideas introduced by the GDPR, and one of its core principles. It can be summed up simply: an organisation that processes personal data must be able to demonstrate, on first request from the authorities, that it complies with GDPR requirements.
This represents a major challenge for organisations. Above and beyond strict compliance with the law, it means proving to customers, service providers and prospects that the organisation is reliable and observes the full range of principles relating to personal data protection and to individual rights and freedoms (protection of individual rights, prevention and management of data breaches, data security, lawful processing of personal data, etc.).
To comply with the accountability principle, an organisation must develop, document and implement processes covering the main GDPR topics such as the record of processing activities, impact assessments, and management of data subject requests and data breaches.
The DPO is not the only person subject to this principle. It extends to all partners, subcontractors, employees, data controllers and others who work with the organisation.