The accountability principle in Article 5(2) of the GDPR requires that, in addition to complying with the data protection principles in Article 5(1), the Institute must also be able to demonstrate compliance. The focus is on evidence-based compliance with specified requirements for transparency, more extensive rights for data subjects and considerably harsher penalties available for non-compliance.
In order to demonstrate that we comply with the principles, the Institute must:
- Implement appropriate technical and organisational measures that ensure and demonstrate that we comply. This may include internal data protection policies, staff training and internal audits of processing activities.
- Maintain relevant documentation on processing activities.
- Implement measures that meet the principles of data protection by design and data protection by default. Measures could include:
  - Data minimisation;
  - Allowing individuals to monitor processing; and
  - Creating and improving security features on an ongoing basis.
- Use data protection Privacy Impact Assessments where appropriate.