Accountability is a common principle for organizations across many disciplines. It means that organizations live up to expectations, for instance in the delivery of their products and in their behavior towards those they interact with. The Data Protection Act (DPA) integrates accountability as a principle which requires that organizations put in place appropriate technical and organizational measures and be able to demonstrate, when requested, what they did and how effective it was. Organizations, and not data protection authorities, must demonstrate that they are compliant with the law. Such measures include:
Adequate documentation on what personal data is processed, how, to what purpose, and for how long.
Documented processes and procedures aimed at tackling data protection issues at an early stage when building information systems or responding to a data breach.
The presence of a Data Protection Officer (if required) who is integrated into the organization's planning and operations, etc.