Print

Accountability

Accountability is a common principle for organisations across many disciplines; the principle embodies that organisations live up to expectations for instance in the delivery of their products and their behaviour towards those they interact with. The General Data Protection Regulation (GDPR) integrates accountability as a principle which requires that organisations put in place appropriate technical and organisational measures and be able to demonstrate what they did and its effectiveness when requested.

Organisations, and not Data Protection Authorities, must demonstrate that they are compliant with the law.  Such measures include: adequate documentation on what personal data are processed, how, to what purpose, how long;  documented processes and procedures aiming at tackling data protection issues at an early state when building information systems or responding to a data breach; the presence of a Data Protection Officer that be integrated in the organisation planning and operations etc.

In 2015, in anticipation of the GDPR, the EDPS initiated a project to develop a framework for greater accountability in data processing to be applied to our own organisation, as an institution, a manager of financial resources and people - and a controller.

In addition, we have started to promote the accountability principle through visits to small, medium and large EU bodies to explain the new obligations resulting from the revised legal framework and the implications for EU institutions and the EDPS' work as their supervisory authority.

Filters

1
Aug
2024

Supervisory Opinion on retention periods of personal data regarding Marie Sklodowska-Curie actions candidates and funded researches

EDPS Supervisory Opinion on retention periods of personal data regarding Marie Sklodowska-Curie actions candidates and funded researches. 

Available languages: English
8
Mar
2024

EDPS decision on the investigation into the European Commission's use of Microsoft 365

On 8 March 2024, the EDPS adopted a decision following its investigation into the European Commission's use of Microsoft 365. In the decision, the EDPS focused on compliance with provisions of Regulation (EU) 2018/1725 related to purpose limitation and international transfers and unauthorised disclosures of personal data (see also press release).

Available languages: English
9
Nov
2023

Supervisory Opinion on the use of social media monitoring for epidemic intelligence purposes by the European Centre for Disease Prevention and Control

Supervisory Opinion on the use of social media monitoring for epidemic intelligence purposes by the European Centre for Disease Prevention and Control (ECDC)

Available languages: English