WHAT IS THE PRINCIPLE OF ACCOUNTABILITY?
The principle of accountability is included in article 5.2 of the General Data Protection Regulation (hereinafter GDPR) and is mandatory for all entities, companies or freelancers that deal with personal data.
WHAT DOES IT MEAN?
Complying with the principle of proactive responsibility means taking measures to comply with the principles of the Regulation, and, in addition, being able to demonstrate and provide evidence of compliance to third parties, such as the Spanish Data Protection Agency (hereinafter AEPD).
However, we must bear in mind that it is not enough to apply just any measure, but that these must be appropriate to the nature, needs and risks of the organization. This requires a prior analysis of the processing of personal data to determine what data are processed, for what purposes and what operations are carried out.
HOW TO APPLY THE PRINCIPLE OF ACCOUNTABILITY
Once the analysis of the data being processed has been carried out, the most appropriate measures for the processing must be chosen and the way in which they are to be applied must be decided. The AEPD provides a series of guides with measures aimed at demonstrating compliance with the regulations, such as, for example, carrying out an impact assessment, appointing a Data Protection Delegate or notifying security breaches, among others.
Regardless of which measures have been chosen, the most important thing is that they have been implemented correctly and are the most suitable for the processing.
Secondly, the measures chosen will have to be reviewed and updated periodically, and whenever there is any significant change in the organization. This minimizes the risk of non-compliance with the Regulation and enhances the application of the principle of proactive accountability.
Finally, evidence of the measures implemented should be collected as proof that the principle of proactive responsibility is being complied with.
In summary, we can highlight the benefits of applying the principle of proactive responsibility in our organization: