Skip main navigation

The accountability principle

What is the GDPR's accountability principle and how is legal compliance demonstrated by data controllers? Dr. Bo Zhao discusses this topic here.
© University of Groningen

The key concept of the GDPR is that controllers need to be able to show that their processing activities are in line with the data processing principles determined by the GDPR. The accountability principle in Article 5 (2) means that controllers are responsible for and should be able to demonstrate their compliance with the GDPR data processing principles listed in Article 5 (1).

The GDPR furthermore requires that controllers implement appropriate procedural and technical measures to protect personal data. They need to be able to show that they have taken concrete measures within their capacity to meet their obligations Article 24.

But how do controllers show that they have taken appropriate measures and that processing activities are in line with the GDPR? This requires clear evidence, for example:

  • Documentation of comprehensive privacy policies;

  • The appointment of a data protection officer and representatives;

  • Adopting and following codes of conduct or Binding Corporate Rules;

  • Keeping records of all data processing activities.

This evidence needs to demonstrate that concrete steps have been taken to comply with the GDPR provisions in order to meet their obligations.

If you want to know more about this topic, you can read the following two articles below.

© University of Groningen
This article is from the free online

Understanding the GDPR

Created by
FutureLearn - Learning For Life

Reach your personal and professional goals

Unlock access to hundreds of expert online courses and degrees from top universities and educators to gain accredited qualifications and professional CV-building certificates.

Join over 18 million learners to launch, switch or build upon your career, all at your own pace, across a wide range of topic areas.

Start Learning now