GDPR Accountability

Tagged with GDPR HELP, GDPR ADVICE, GDPR ACCOUNTABILITY, GDPR
by Adam Brogden
in Blog

25-Jun-2019 12:29

Accountability is a key part of GDPR. Directors, Managers, Employees, and even volunteers are accountable for their actions and even their mistakes and omissions! This might sound a little harsh but accountability is written into the regulations and the ICO has enshrined this principle in their policies and in particular in their enforcement regime.

So what does this mean? For most people this is nothing to worry about. Take a look at the following top tips:

For Directors:

  1. Make sure your GDPR policies and procedures have been implemented across the organisation

  2. Identify an individual to act as your data representative - if in doubt take on this role yourself

  3. Include GDPR in your monthly management meetings - make GDPR part of what you do

  4. Keep your GDPR up to date and review key documents regularly

  5. Due diligence is vital - make sure you evidence everything you do. You might just need to prove that you have done what you say you do

For Managers:

  1. Make sure you understand your GDPR procedures

  2. Train your staff and ensure they understand how GDPR applies

  3. Conduct regular audits and spot checks - make sure you keep a log of these and address any issues immediately

  4. Raise any issues with the Senior Management team to protect yourself and ensure issues are resolved

  5. Due diligence is vital - make sure you evidence everything you do. You might just need to prove that you have done what you say you do

For Workers:

  1. Ask for GDPR training - make sure you understand how GDPR applies

  2. Watch out for SARs and Complaints - you must act on these

  3. Remember that you might be personally accountable - if in doubt ask your manager for advice

  4. Don’t use your own device or remove personal data from the office - avoid using data sticks and personal emails

  5. If an issue arises, make a note and escalate immediately

  6. Due diligence is vital - make sure you evidence everything you do. You might just need to prove that you have done what you say you do

As you might have noticed, due diligence is vital. If you are subject to an investigation you will need to prove that you have taken GDPR seriously and have considered GDPR in everything you do.

These are simple rules but they might just save your GDPR life.

Good luck all.