When GDPR came into force, one of the key changes was the new principle of Accountability. Essentially, it means that business owners and leaders must not only take responsibility for complying with Data Protection Regulation and all of its principles (which was arguably always the case), but, more importantly, they must be able to evidence this. So what can you do to demonstrate your accountability? Here are some examples:
Make sure you have clear data protection policies and procedures in place
Take a ‘Data Protection by Design and Default’ approach
Carry out Data Protection Impact Assessments if any activity has the potential to pose a ‘high risk’ to personal data
Make sure you have written contracts in place with any organisation processing personal data for you (think marketing companies, software providers, service providers)
Document your approach and steps for complying with GDPR
Implement, document and monitor appropriate security measures for protecting personal data
Record and report (where necessary) data breaches
And above all else, when you put these things in place, don’t store them away on a shelf to gather dust! Accountability isn’t a standalone task; it’s an ongoing requirement. So, the key to demonstrating your compliance with this principle is to remember to:
Regularly monitor, review and update all of these measures
Update or create your training plan to ensure that anyone in your organisation who handles, stores or processes personal data understands their responsibilities and how your business manages it.
How can we help?
All In Business Solutions can provide documented annual health checks and training to help you monitor, review and demonstrate your ongoing compliance.