The accountability obligation means that the controller must be able to prove that the other obligations of the GDPR (e.g. documentation obligation, fulfilment of data protection rights, transparency obligation) are complied with. For example, the controller should not only delete data in good time. They should also be able to prove that they are doing so.
In the case of deletion, a deletion concept could provide information on who in the company deletes data, when and how. The fulfilment of rights (e.g. right of access) could be demonstrated by means of guidelines that regulate exactly how to proceed in the event of an incoming data subject rights request.
The purpose of the accountability obligation is to be able to easily demonstrate to a requesting data protection supervisory authority that compliance with the GDPR obligations is taken seriously. A breach of the accountability obligation is itself subject to a fine. This means that even if the company actually fulfils all other data protection obligations but cannot prove that it does so, a fine can be imposed.
Implementation of all other obligations under the GDPR.
Identification of methods that enable proof of the implementation of obligations (e.g. creation of an authorization concept or a data subject rights policy).
Structured provision of verification documents in the event of a request from the responsible data protection supervisory authority and, if necessary, corresponding document output to the supervisory authority.