Accountability: what you need to know
There has been a huge amount of talk about data protection and the new GDPR legislation over the last few months, as every organisation is under pressure to be fully compliant by the deadline of May 25th (which is today!).
If you need information about GDPR and how it changes the way you can communicate with clients and customers, please visit our blog page, where we have several posts discussing the new regulation.
Today, however, we would like to talk to you about accountability.
Accountability is new in the GDPR, and the ICO now treats it as one of the data protection principles. There are two elements to this principle – and you must fulfil both. Under accountability you are responsible not only for complying with the GDPR, but also for keeping records that demonstrate that you comply with it.
How you record this evidence is up to you: the ICO has produced a document of suggestions that is worth a look if you are stuck for ideas.
For example, following a breach the ICO may ask you to prove that you trained your staff beforehand. A signing-in sheet alone may be insufficient; evidence of what training was actually delivered (such as the training material, the dates it was given, and who completed it) is preferable. If you say you securely destroy all IT equipment, you need to be able to prove it. Proving that you do something is relatively easy; proving that no breach occurred is a different matter altogether.
The accountability obligations are ongoing: your measures must be reviewed and updated where necessary, and you must take a proactive approach to data protection. Under the new law, failing to comply can result in a hefty fine.
As well as keeping you compliant with the new regulation, taking responsibility for how you handle individuals' data lets you show that you take data protection and privacy seriously, which in turn builds people's trust in you and your organisation.
In the unfortunate event that something goes wrong, such as a data breach, records showing the measures you had taken to stay compliant can reduce the likelihood of a fine, or its size.
We understand that hundreds of organisations are talking about GDPR and it may seem overwhelming, but remember: from today this is the law. You must comply.
If you require any more information regarding GDPR or accountability, Griffin House Consultancy can help you. We are a team of highly experienced and knowledgeable professionals who will be more than happy to assist you in achieving total compliance.
For any help, call us today on 01673 885533 or email us at [email protected]