What is the declaration of accountability?
A data controller responsible for processing personal data must be able to demonstrate compliance with the law. This also includes being able to demonstrate the effective operation of measures taken to protect personal data. Accountability has been further elaborated by the Dutch Data Protection Authority. Through an accountability review, an organization can demonstrate that it is accountable in accordance with Articles 5, second paragraph, and 24 GDPR.
Data processors who are contracted to a data controller must also account to the controller for their compliance with the GDPR. The data controller must review the accountability of the processor before being able to use the review to demonstrate its own accountability.
An accountability study makes it possible for the management of an organization, whether a controller or a processor, to demonstrate accountability.
The accountability review meets the requirements of governance and compliance as laid down in section 2:391, subsection 5 of the Dutch Civil Code, and elaborated in various codes of governance. The results of the accountability review can be included in the assurance activities of, for example, the chartered accountant auditing the annual accounts. The accountability review consists of the following:
- Compliance with legal policies and baselines;
- Presenting the organization’s maturity level to society through statements by the leadership of the organization, the DPO’s report and internal control by an internal or external professional; and
- Implementation of an appropriate internal control program, based on evidence that demonstrates the effective operation of the management and security measures that have been put in place.
The aim is to establish compliance with relevant laws and regulations. The accountability review has been developed by professionals such as registered DPOs, chartered accountants and registered IT auditors, and is applied by a wide range of companies and institutions.
Duthler Associates collaborates with a Trusted Third Party (TTP), MYOBI, to establish the maturity level of the organization to society. Examples are:
- Lister (Dutch)
- PWN (Dutch), registration in the register; and
- Zonnehuisgroep Noord (Dutch), registration in the register.
The accountability study meets several legal frameworks, gives the management of the organization the possibility to comply with the accountability requirement at a pace of ‘what is possible’, and creates the possibility to assign the internal control task as much as possible to the organization’s own employees. The advantages at a glance:
- Creates and demonstrates effective compliance with legislation within the capabilities of the organization;
- Offers a useful accountability and communication tool for all those involved, including user groups, employees’ council and society. The management of the organization demonstrates its respectful and honest handling of personal data. Those involved are taken seriously;
- By using comprehensive legal policies and baselines, one accountability review and one accountability statement can be used for several supervising bodies. This is not only effective but also cost-efficient;
- The results of the surveys are recorded automatically and systematically. This creates management information aimed at improving internal control; and
- The liability and cost risks of non-compliance are made manageable for the organization, the management and the DPO.
We set up the process of conducting accountability reviews for you, using appropriate legal policies and baselines. Internal control is supported by IT. We can assist you or take over the role of internal control.
Do you have questions or comments? Let us know. We can be reached at +31 0(70) 392 22 09 and firstname.lastname@example.org. Download the brochure below. Folder Verantwoordingsonderzoek (