The GDPR’s strengthened accountability requirements put the spotlight on you and your business. From 25 May 2018, you must be able to demonstrate compliance, not merely assert it.
A recent ICO survey found that 75% of UK adults do not trust businesses with their data. This staggering figure alone should be enough to tell you why accountability is at the forefront of the General Data Protection Regulation.
In the past you may have been able to push accountability to the back of your mind; that is no longer an option. Even if you suspect your business is already compliant, it is worth checking that your practices are in line with the new regulation.
The history of Accountability
Accountability is a cultural shift as much as a procedural one: it has to be owned across the organisation, not delegated to a single team.
The concept is not new to data protection law. Since it first appeared in the OECD Privacy Guidelines of 1980, accountability has made its way into the core principles of various national data protection laws; the GDPR turns it into an explicit, enforceable obligation.
How can I demonstrate Accountability?
- Implement appropriate and compliant technical and organisational measures. These could include internal data protection policies, staff training, internal audits of processing activities, and reviews of internal HR policies.
- Maintain relevant documentation on your processing activities (the records of processing required by Article 30).
- Where appropriate, appoint a data protection officer.
- Apply measures that meet the principles of data protection by design and by default. Examples include data minimisation, pseudonymisation, transparency, and allowing individuals to monitor how their data is processed.
- Create and improve security features on an ongoing basis, rather than as a one-off project.
- Where appropriate, carry out data protection impact assessments (DPIAs) before starting high-risk processing.
But how will I benefit?
Although the GDPR may be giving you headaches and sleepless nights, in the long run, the new regulations have the potential to strengthen your business.
By reducing the risk of breaches and upholding the protection of personal data, these measures have the potential to reinforce trust between you and your customer. Or, as the GDPR would have it: between you, the data controller, and your data subject.
What is expected of me?
Accountability should not be a box-ticking exercise; it should be built into the fabric of your organisation. Broadly, the GDPR expects you to adopt comprehensive but proportionate governance measures, so in practice this will likely mean more policies and procedures for your organisation, along with evidence that they are actually followed.
Although the GDPR can be an asset to your business, it can also be a bit of a minefield. In this article we’ve introduced the basic principles of accountability, but in reality we’ve barely scratched the surface of the GDPR as a whole. To gain more insight into the GDPR, see our Countdown to GDPR series:
- What is GDPR and why is it important?
- Countdown to GDPR: 5 steps to take today
- Countdown to GDPR: How will Personal Data be defined?
In the run up to the GDPR launch date, we’re offering a GDPR Health Check for your website along with workshops and bespoke GDPR plans. To find out more, head over to our page on GDPR Health Check.
Alternatively, you can get in contact today. Give us a call at: 01787 388038 or send us an email at: email@example.com