Which aspect of GDPR focuses on accountability for data processing activities?

The correct answer, accountability, is a fundamental principle enshrined in the General Data Protection Regulation (GDPR). It emphasizes that organizations must not only comply with data protection regulations but also be able to demonstrate their compliance through effective policies, procedures, and documentation. This principle requires data controllers and processors to take responsibility for their data processing activities, meaning they must implement appropriate measures and controls to protect personal data, and be prepared to show evidence of their compliance with GDPR provisions.

Accountability under GDPR extends to implementing data protection by design and by default, conducting Data Protection Impact Assessments (DPIAs) where necessary, and ensuring that all staff handling personal data are trained to adhere to data protection laws. Organizations must also maintain records of processing activities and be ready to cooperate with supervisory authorities on request. The accountability principle serves to ensure that individuals’ personal data is handled responsibly and transparently, thereby fostering trust between the data subjects and organizations.