Skip to content

Comply with legal accountability

MYOBI uses Duthler Associates’ compliance methodology for being accountable or meeting the legal accountability for organizing the obligations of the TTP policy, in particular the legal and contractual obligations arising from the European General Data Protection Regulation (GDPR). Meanwhile, other legal frameworks exist that use the systematics of the GDPR. A prime example is the AI Act; regulates the use of artificial intelligence.

It is efficient for a corporate household to comply with the TTP policy that covers legal accountability for protecting data. It is nice that the legislature is regulating the use of a code of conduct in law. Aligning financial and data protection policy accountability timelines creates synergy in compliance work and can reduce effort and costs. Efficiency is increased with an integrated compliance approach to all these obligations.

What is it and what are the benefits?

An information ecosystem with confidential, reliable and available data from partners helps effectively conduct business and reduce and manage the operational costs and risks of doing business. We list several advantages for corporate management:

  • Under direction, providing partners (customers, internal and external employees and suppliers) with access to business and personal data, including trade secrets. This protects the company reputation;
  • Providing controlled access to company and personal data, including trade secrets of partners;
  • For the effective organization of the legal operations, the company and personal data from the information ecosystem are essential; and
  • Provide the foundation for senior management to be responsible for organizing compliance with legal, policy and contractual obligations. This provides the overview and insight needed for practical business risk management.

See value propositions and business case examples.

How can I organize my accountability?

Annual inspection

In order to be able to account for the entire year at the end of a year, sufficient compliance activities must be carried out during the year. Interim results of reporting may give rise to adjustments.

Based on a calendar year as the accounting period, the following is prepared in the first quarter of the new year for the previous year:

  • the self-declaration of the management; and
  • the confirmation of the self-declaration by the data protection officer (DPO).

The self-declaration consists of a statement by management about the maturity level achieved and the ambition for the coming year. This statement will be confirmed by the Company’s DPO or a designated DPO.

What is our approach?

Accounting for compliance with legal (GDPR and or Wbb) and contractual requirements requires an incisive approach. To protect personal data, we begin by identifying the business activities, the processes that support those activities, the risks that may arise to the business and/or the data subjects, and implementing measures that work effectively.

As much as possible is connected to available (standard) baselines that are supplemented with company-specific measures. Based on the risk analysis, it can be determined how often it must be established that a measure is effective. Then comes the organization in the organization of those responsible and executives who determine the effectiveness of the control measures in accordance with the determined periodicity.

Where should I start?

A company faces liability and cost risks if it is unable to meet its accountability obligations. This not only concerns fines or claims from the regulator, but also from those whose personal data is processed. In addition, there is a risk of reputational damage if data breaches occur that have not been discovered or have been handled incorrectly. In order to be able to account for itself, it is necessary that the company has effectively organized the protection of personal data.

The MYOBI Trust Network offers companies a practical accountability mechanism. Central to this is the organization of compliance by the company with legal and contractual obligations, in particular the TTP policy and therefore also with the TTP Code of Conduct GDPR. Every year, the management expresses itself in a self-declaration about compliance with this code of conduct, expressed in a maturity level. The maturity level is published on the MYOBI website.

The accountability mechanism is explained on the knowledge base. See: organising accountability. We ensure the internal control of the accountability mechanism on behalf of MYOBI.

Frequently Asked Questions

If we use MYOBI’s Accountability Seal can we continue to build an effective corporate compliance that includes risk and compliance management, contract management and support for the role of DPO?

Yes. A company can expand the compliance approach to a company-specific compliance function focused on the usual risk and compliance management topics and the specific IT Cloud issues.

Does MYOBI pay attention to IT Cloud and protecting personal data?

IT Cloud applications are indispensable in daily practice. Publications indicate that 80% of companies use MS 365, a popular cloud solution for organizing an office environment (and more). On behalf of MYOBI, Duthler Associates manages the TTP policy compliance approach, which incorporates more and more specific cloud measures.

Could we see the MYOBI Trust Network as an application of the corporate legal and compliance function?

Yes. From the perspective of MYOBI Trust Network, if desired sectoral or regional network or the company network (information ecosystem). The networks all use a few (interoperable) IT cloud suppliers, which thus facilitates an operational standard. MYOBI, a sector or a company uses the semantics to build and maintain its own information ecosystem.

What are the benefits of an information ecosystem?

In business, a company manages its reputation and uses the reputations of its partners. This allows a company to do business effectively and cost-efficiently. The MYOBI Trust Network and or a sectoral or regional network strengthens the benefits of the participants in the network by creating an effective basis of trust.

Latest news

What is the need for applying a Coordinated Vulnerability Disclosure (CVD)?

By: Caroline Willemse and André Biesheuvel Is your organization resilient to cyber attacks or other …

Submit your question to our experts

Questions about our services? Feel free to contact us, we are happy to help you.