FREE GDPR Helpline
Call +44 (0) 208 133 2545
Download the Getting Started with GDPR Compliance PDF
The accountability principle in Article 5(2) of the GDPR requires organisations to demonstrate compliance with the principles of the GDPR. Article 24 sets out how organisations can do this by requiring the implementation of appropriate technical and organisational measures to ensure that organisations can demonstrate the processing of personal data is performed in accordance with the GDPR.
What “appropriate” means is largely dependent on the specifics of the individual company. There is no silver bullet. What works for one company does not necessarily work for another, but the obligation to demonstrate compliance exists in all instances and a structured approach to GDPR compliance works for all organisations.
Expectations from regulators have shown the obligation to demonstrate compliance is more than a one-off inventory or snapshot of your operations at a certain moment in time. It is not a tick-box exercise or a one-time gap analysis. Demonstrating compliance requires ongoing awareness and understanding of your personal data processing operations and embedding privacy management throughout your organisation.