Get Free Downloads
Start your GDPR today in just a few clicks
Get Free Downloads
Start your GDPR today in just a few clicks

No Place To Hide

by Adam Brogden
in Blog

19-Feb-2019 11:07

One of the key principles of the GDPR is accountability. This means that you are responsible for complying with the law and that you must be able to demonstrate your compliance. This also applies to your staff, contractors, interns, volunteers, and any third parties you engage or share data with. In fact you could be held responsible for simple admin errors made by your staff unless you can prove that you have taken every precaution, trained them, reminded them, put appropriate terms in their contracts, and double checked all these things.

Training is vital! GDPR training is essential and documenting the fact that your staff have been trained might just save your skin. Beware of the staff member that claims, 'We did have some training but I wasn’t listening and didn't understand it anyway’.

The following is taken from the ICO website:


  • Accountability is one of the data protection principles - it makes you responsible for complying with the GDPR and says that you must be able to demonstrate your compliance.

  • You need to put in place appropriate technical and organisational measures to meet the requirements of accountability.

  • There are a number of measures that you can, and in some cases must, take including:

    • adopting and implementing data protection policies

    • taking a ‘data protection by design and default’ approach

    • putting written contracts in place with organisations that process personal data on your behalf

    • maintaining documentation of your processing activities

    • implementing appropriate security measures

    • recording and, where necessary, reporting personal data breaches

    • carrying out data protection impact assessments for uses of personal data that are likely to result in high risk to individuals’ interests

    • appointing a data protection officer

    • adhering to relevant codes of conduct and signing up to certification schemes.

  • Accountability obligations are ongoing. You must review and, where necessary, update the measures you put in place.

  • If you implement a privacy management framework this can help you embed your accountability measures and create a culture of privacy across your organisation.

  • Being accountable can help you to build trust with individuals and may help you mitigate enforcement action.


The key to remaining safe is good record keeping, being able to prove that you have taken reasonable steps and done everything you should to protect your data.

The ICO is fierce and unfriendly. There are no prizes for trying hard. Keep records of everything!

Call us if you need any help or advice. We are friendly and helpful and always on your side.

Good luck all.