The accountability principle requires organizations to take responsibility for what they do with personal data and how they comply with other GDPR principles.
The organization is obligated to put in place appropriate technical and organizational measures to demonstrate compliance, protect data subject rights, and ensure that data subjects’ rights are fulfilled.
These measures can include:
- Keeping appropriate documentation on what personal data is processed and for how long
- Keeping compliant Records of processing activities
- Introducing internal procedures for the GDPR processes
- Appointing Data Protection Officer or documenting internal analysis of whether you need to appoint a DPO or not, so you can demonstrate that all relevant factors were taken into account
- Introducing appropriate IT measures and systems for processing, managing, and protecting personal data