The accountability principle implies that every organization must be held accountable for its actions and behavior towards every individual or third party it interacts with in its everyday business.
When it comes to the GDPR, the accountability principle means that the organization is obligated to put in place appropriate technical and organizational measures to demonstrate compliance, protect data subjects’ rights, avoid abusing personal data, and ensure that data subjects’ rights are fulfilled.
These measures can include:
- keeping appropriate documentation on what personal data is processed, by whom and for how long
- keeping compliant Records of processing activities
- introducing internal procedures for the GDPR processes
- appointing a Data Protection Officer (DPO), or documenting an internal analysis of whether you need to appoint a DPO, so you can demonstrate that all relevant factors were taken into account
- introducing appropriate IT measures and systems for processing, managing and protecting personal data