GDPR Accountability Principle: A Data Controller's Obligation
Accountability is not a new concept in data protection, but whereas the principle of accountability was implicit in the Data Protection Act 1998, the General Data Protection Regulation explicitly enshrines accountability as an obligation for controllers, meaning that firms will need to take responsibility and prove that they are compliant. Articles 5 and 24 of the GDPR require that controllers be able to demonstrate compliance; Article 5 specifically defines ‘accountability’