Accountability
Unlock This Video Now for FREE
This video is normally available to paying customers.
You may unlock this video for FREE. Enter your email address for instant access AND to receive ongoing updates and special discounts related to this topic.
The last data principle is accountability. All organisations are responsible for complying with the General Data Protection Regulations, which means that they must be able to demonstrate their compliance. To achieve this, most organisations must keep a record of their processing activities and provide this information in a clear manner in their privacy policy. They must understand and comply with all of the processing principles. They must have contracts in place with any data processors they use and have adequate security measures to safeguard the personal data they are processing. They should have policies in place to deal with and keep a record of individuals' requests to exercise their rights under GDPR. And if they use consent, they should have a record of how, when and to what the individual consented.
There should also be a policy to deal with, investigate, record and where necessary report data breaches. Public authorities and organisations whose core activities require large scale, regular and systematic monitoring of individuals, or who process large amounts of data relating to criminal convictions or offenses, must appoint a Data Protection Officer. All organisations must be registered with the Information Commissioner's Office and pay an annual fee. Password systems should be reviewed and employees should receive appropriate training to ensure that passwords and system security is maintained and that they should fully understand the importance of the protection of personal data. All systems should be monitored and all policies should be reviewed on a regular basis to ensure on-going compliance.