Thought I'd blogged this a few days ago but I guess I forgot to hit Publish - Opinion 3/2010 on the principle of accountability, July 2010, from the Article 29 Working Party.
And the accompanying press release 16 July 2010 (p. 2 is on the accountability opinion) -
A statutory accountability principle would explicitly require data controllers to implement appropriate and effective measures to put into effect the principles and obligations of the Directive and demonstrate this on request. In practice this should translate into effective scalable compliance programs aiming at implementing the existing data protection principles, and controllers should be able to demonstrate to data protection authorities, upon their request, that their program fulfils the requirement of accountability. The type of procedures and mechanisms would vary according to the risks represented by the processing and the nature of the data.
©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.