There are now just over six months until the EU General Data Protection Regulation (GDPR) is enforced.
UK organisations that process the personal data of EU residents have only that long to ensure that they are compliant.
What does the accountability principle mean?
The introduction of the accountability principle in Article 5(2) requires organisations to “be responsible for, and be able to demonstrate compliance with,” the principles of the GDPR.
How to demonstrate accountability under the GDPR
To demonstrate accountability, your organisation will need to:
- Keep up-to-date documentation of processing activities;
- Appoint a data protection officer (DPO) if appropriate;
- Implement measures to meet the principles of data protection by design and by default;
- Implement appropriate technical and organisational measures (policies and procedures) to ensure and demonstrate compliance; and
- Conduct data protection impact assessments (DPIAs) where appropriate.
Where to start with GDPR documentation
Documentation is an integral part of your GDPR compliance project.
Compiling policies and procedures to demonstrate compliance with the GDPR can be time-consuming and challenging.
How IT Governance can help
The market-leading EU GDPR Documentation Toolkit contains a complete set of mandatory and supporting documentation templates that are easy to use and customisable, and that ensure compliance with the GDPR, including:
- Data protection policy
- Training policy
- Information security policy
- DPIA procedure
- Retention of records procedure
- Subject access request form and procedure
- Privacy procedure
- International data transfer procedure
- Data portability procedure
- DPO job description
- Complaints procedure
- Audit checklist for compliance
- Privacy notice
The toolkit also includes easy-to-use dashboards and project tools, direction and guidance from expert GDPR practitioners and two licences for the GDPR Staff Awareness E-learning Course.