True or False: Both controllers and processors have accountability obligations under GDPR.

The statement is true because both data controllers and data processors have specific accountability obligations under the General Data Protection Regulation (GDPR).

Under GDPR, the data controller is the entity that determines the purposes and means of processing personal data, while the data processor is an entity that processes data on behalf of the controller. Both parties are responsible for ensuring that personal data is handled in compliance with the GDPR's requirements.

The accountability principle, articulated in Article 5(2), emphasizes that both controllers and processors must be able to demonstrate compliance with the GDPR. This includes maintaining documentation of data processing activities, ensuring appropriate technical and organizational measures are in place to protect personal data, and being prepared for audits and inquiries from regulatory authorities.

Thus, both roles carry accountability obligations to maintain trust and protect individuals' privacy rights, creating a shared responsibility for data protection under GDPR.