Earlier this month, the UK’s Information Commissioner’s Office (“ICO”) published its Accountability Framework, available here. The Accountability Framework is designed to help companies demonstrate compliance with their accountability obligation under the General Data Protection Regulation (“GDPR”) and assess whether their current measures meet the ICO’s expectations.

The Accountability Framework consists of ten categories where the ICO expects companies to be able to demonstrate compliance:

  1. Leadership and oversight;
  2. Training and awareness;
  3. Transparency;
  4. Contracts and data sharing;
  5. Records management and security;
  6. Policies and procedures;
  7. Individuals’ rights;
  8. Records of processing and lawful basis;
  9. Risks and data protection impact assessments; and
  10. Breach response and monitoring.

The Bavarian Data Protection Authority (“Bavarian DPA”) has published an English-language version of a GDPR implementation audit questionnaire (“Questionnaire”). The Questionnaire is available here. It was previously released in German.

Content of the Questionnaire

The Questionnaire includes questions on six topics:

  1. Structure and responsibility in the company
    • For example, is

The Superintendency of Industry and Commerce (‘SIC’), Colombia’s data protection agency, launched its Colombian Accountability Guidelines (the ‘Guidelines’). The first document of its kind in South America, the Guidelines are aimed at helping companies understand and implement Colombia’s Data Protection Regulation, implemented in 2012 and reinforced by an additional regulation in 2013.

The advice mainly deals with the Colombian concept of ‘demonstrable responsibility’. This concept is akin to accountability and requires data controllers to be able to demonstrate that they have implemented appropriate measures to comply with Colombia’s data protection law, including by providing a description of the internal security procedures they have introduced and how the processed data is relevant to individuals. This concept has not been without critics, however, who raised concerns about how to comply and led organisations to seek further guidance.

The European Commission’s new draft data protection regulation was leaked to the press earlier this month. The proposal includes repeal of the present EU Data Protection Directive 95/46 and recommends a General Data Protection Regulation, as well as a Police and Criminal Justice Data Protection Directive.

The Commission appears to have made good its threats

In a bid to strengthen the European data privacy rules and further protect EU consumer privacy, non-European companies will most likely be held to the same standards as European companies.

The EU Justice Minister, Viviane Reding, and the German Consumer Protection Minister, Ilse Aigner, released a joint statement saying