The notion of accountability is not new to data protection law and policy. What is new, though, is that it is becoming more and more relevant in practice and is on its way to becoming one of the most important data protection principles on a global scale.
Long gone are the days when accountability was a mostly ignored notion about allocating responsibility for privacy compliance. There is a clear trend for the accountability principle to require organisations to take a proactive and systematic approach to privacy through the implementation of appropriate and demonstrable data protection measures, increasingly referred to as privacy management programs. This trend is set to continue as:
- international data protection instruments are being updated in relation to the accountability principle;
- mandatory accountability obligations are introduced in more and more national privacy laws and regulations; and
- national data protection regulators are releasing accountability guidelines explaining to organisations what they need to do in practice in order to satisfy their privacy obligations.
Accountability is in the process of setting a global standard for, and becoming a key to, good privacy compliance and governance. In this series, we will explore the accountability principle from a practical perspective. To set the scene, we will provide an overview of the evolution of the accountability principle in international data protection instruments. Against this background, we will then look at the accountability guidelines issued by national regulators so far and some other countries’ legislative and policy approaches to accountability. Finally, we will draw out the key takeaways and must-dos for private sector organisations to become accountable organisations.