Organisations have had to radically rethink their approach to data protection now that the GDPR (General Data Protection Regulation) is in effect.
But did you know that data controllers can be in violation of the GDPR even if they don’t breach any of its substantive data protection rules? This is because the Regulation requires organisations not only to comply but to be able to demonstrate that compliance (the accountability principle in Article 5(2)). If you can’t show the evidence, you are in breach of the GDPR.
Accountability: the key to compliance
The need to document compliance shouldn’t be new to you. Your organisation should always have had policies and processes in place to make sure that best practices are being followed.
The difference with the GDPR is that it elevates accountability into a principle, making it fundamental to the way organisations approach data protection. In other words, demonstrating compliance isn’t just another step on the road to compliance; it should be something you think about whenever you are implementing or reviewing technical or organisational controls.
How to demonstrate accountability
Accountability is essentially about being able to prove you are following the GDPR’s requirements. This will help whenever your compliance is brought into question, such as when you suffer a data breach or when someone complains about the way you collect data.
To do this, you will need documented evidence of your:
- Data protection policy
- Training policy
- Information security policy
- DPIA (data protection impact assessment) procedure
- Retention of records procedure
- Subject access request form and procedure
- Privacy procedure
- International data transfer procedure (where relevant)
- Data portability procedure (where relevant)
- Complaints procedure
- Privacy notice
Get help demonstrating your compliance
Providing all this information will take a lot of time, and is not a one-off requirement. Organisations must review each policy regularly and update them whenever there are changes in the way they operate.
However, you can reduce the burden on your organisation with our EU GDPR Documentation Toolkit.
It provides template documents for everything you need to demonstrate GDPR compliance, as well as:
- Easy-to-use dashboards and project tools to help you manage your compliance posture;
- Advice from expert GDPR practitioners; and
- Two licences for our GDPR Staff Awareness E-learning Course.
If you want further evidence of compliance, try our GDPR audit service.