Accountability
Accountability makes individuals and organisations responsible for complying with GDPR and states that they must be able to demonstrate their compliance. The measures individuals and organisations take to meet the requirements of accountability include:
- Adopting and implementing data protection policies
- Putting written contracts in place with organisations that process personal data on an individual's behalf
- Maintaining documentation of processing activities
- Recording and, where necessary, reporting personal data breaches
- Carrying out data protection assessments for uses of personal data
- Implementing appropriate security measures
- Appointing a data protection officer
- Adhering to relevant codes of conduct and signing up to certification schemes
- Taking a ‘data protection by design and default’ approach
Accountability requirements are constantly evolving, so organisations must review and, where necessary, update the measures that are in place. Being accountable builds trust with individuals and helps to mitigate enforcement action.
