Registration window open (1 Jan - end of Feb)

If you use personal data in your work you are legally obliged to register during January and February each year.
NEW REGISTRATION? View guidance and create new registration here
EXISTING REGISTRATION? Sign-in to Registrations Portal here

GUIDANCE: Accountability and Governance

Last updated: 29 November 2020

The Law includes provisions that promote accountability and governance. These complement the Law’s transparency requirements. While the principles of accountability and transparency have previously been implicit requirements of data protection compliance, the Law’s emphasis elevates their significance.

You are expected to put comprehensive, but proportionate, governance measures into place. Good practice tools such as data protection impact assessments (DPIAs) and privacy by design are now legally required in certain circumstances.

Ultimately, these measures should minimise the risk of breaches and uphold the protection of personal data. Practically, this is likely to mean more policies and procedures for organisations, although many organisations will already have good governance measures in place.

What is the accountability principle?

The accountability principle in Section 6(2)(g) requires you to demonstrate that you comply with the data protection principles and states explicitly that this is your responsibility.

How can I demonstrate that I comply?

You must: