Accountability & Governance
How can accountability be demonstrated?
Accountability can be demonstrated by applying appropriate, documented internal procedures that set out how it has been decided to comply with the obligations in the GDPR. All obligations imply drawing up written documents, which may be useful to demonstrate compliance with the GDPR to the supervisory authority. Some procedures and written documents, by contrast, are to be made available to the supervisory authority on request or where the GDPR requires it.
How to organise governance?
Systematic and regular monitoring of the procedures may be carried out through:
1. organising a team that meets at regular intervals to discuss the level of implementation of the internal procedures and to raise doubts and gaps
2. documenting in writing the results of the team’s meetings
3. where appropriate or if there are particular gaps, seeking the opinion and recommendations of the DPO (if appointed) on adjustments of the internal procedures, also in the event of legislative amendments
4. reporting to the highest management level, if it does not attend the meetings, the necessary adjustments to improve the internal procedures.