The GDPR includes provisions that promote accountability and governance. These complement the GDPR’s transparency requirements. While the principles of accountability and transparency have previously been implicit requirements of data protection law, the GDPR’s emphasis elevates their significance.
We are expected to put into place comprehensive but proportionate governance measures. Good practice tools such as privacy impact assessments and privacy by design are now legally required in certain circumstances.
Ultimately, these measures should minimise the risk of breaches and uphold the protection of personal data.
The accountability principle in Article 5(2) requires us to demonstrate that we comply with the principles and states explicitly that this is our responsibility.
This means that we must:
What are STMCC doing to demonstrate accountability?