Helen Dixon, the Irish Data Protection Commissioner, shared her perspective on the General Data Protection Regulation (GDPR) at the recent European data protection event in Berlin.
Ms Dixon started off saying she feels extremely positive about the legislative process with regard to the GDPR, including the current phase of preparing for the GDPR coming into effect. She has found that many companies believe this law was needed as it provides protection for both individuals and businesses alike.
She then went on to highlight the fact that public-sector companies lack the motivation that is driving private organisations to comply. This may be because the Irish government is proposing to make public-sector bodies exempt from fines for breaching the GDPR.
Ms Dixon then went on to elaborate on the principle of accountability and how, in her view, coming changes will be largely driven by the accountability issue.
What is the principle of accountability?
The new accountability principle in Article 5(2) requires organisations to “be responsible for, and be able to demonstrate compliance with,” the principles of the GDPR.
How can you demonstrate accountability under the GDPR?
- Implement appropriate technical and organisational measures that ensure and demonstrate your compliance. This should include internal data protection policies, staff training, internal audits and reviews of HR policies.
- Document and maintain all processing activities.
- When appropriate, appoint a data protection officer.
- Implement measures to meet the principles of data protection by design and by default.
Are you accountable for your data yet?
With IT Governance’s GDPR data flow audit, you receive a thorough audit that will help you become accountable by identifying where your data resides. It will also enable you to implement measures to reduce your risk of a breach.
Meet the GDPR’s requirements by taking this essential first step in the implementation process. Enquire now.