Accountability is a key principle under the GDPR. However, there is little official guidance as to what it means in practice.
The notion of accountability is not new. Accountability was introduced as a basic data protection principle in the 1980s. This used to be a reactive assignment of responsibility for privacy compliance. However, under the GDPR application of the principle will require a systematic and proactive approach to all personal data collection and handling processes throughout the entire business. Importantly, businesses will need to demonstrate compliance (through documentation, policies and keeping a paper trail) with their obligations under the GDPR to satisfy the principle, rather than carry out a tick box exercise… and to prepare itself in the event of an audit by the authorities.
Read the full article on HR Magazine.
If you require any further information or advice about matters covered in this article or any other aspects of the GDPR, please contact Rachel Ashwood. You can also read about our GDPR toolkit for HR practitioners here.