Accountability

The GDPR is designed to ensure organisations are more accountable for their personal data processing activities.

This is emphasised by the new obligation to report data security breaches to the ICO within 72 hours of becoming aware of the breach, and by the maximum level of fine that can be imposed (€20 million, or 4% of global annual turnover if higher). Hacking issues and leaks that have occurred over the past year or so emphasise the need for having a plan in place to contain and manage a data breach.

Accountability makes you responsible for complying with the GDPR and means that you have to be able to demonstrate your compliance, both on an ongoing basis and if a regulator later asks you for evidence. It can apply to any aspect of GDPR compliance, including, for example:

  • Implementing appropriate data protection policies and data security measures; 
  • Implementing appropriate training, awareness raising, monitoring and audits; 
  • Ensuring you have a record of processing activity where required; 
  • Ensuring you have appointed a Data Protection Officer where required; 
  • Adopting “data protection by design and by default”, and where appropriate carrying out data protection impact assessments; 
  • Having appropriate written contracts in place when engaging others to process data on your behalf.

The focus on accountability should also have an impact on record keeping relating to decision making under the GDPR. For example, you’ll need to keep a record of your assessment as to whether the legitimate interests condition for processing is met, and any decisions to supply or withhold information in response to a subject access request.

Practical steps to take now

  1. Review the existing procedures you have for dealing with breaches – for example: 
    - Are the right people involved, both to take decisions and to undertake technical activities to try to minimise the scale of the breach and its consequences for data subjects?
    - How are the right people going to be contacted if a breach is discovered at 5.45pm on a Friday or midday on a Sunday?
  2. Download our checklist and keep the right records so you are able to demonstrate compliance.

Main contacts

Contact one of our lawyers to discuss your GDPR concerns.

  • Gary Attle

    Partner

    • +(44)(0)1223 222394
    • Cambridge
  • Richard Sykes

    Partner

    • +(44)(0)121 456 8436
    • Birmingham
  • Peter Wainman

    Partner

    • +(44)(0)1223 222408
    • Cambridge
  • Paul Knight

    Partner

    • +(44)(0)161 234 8702
    • Manchester