The principle that you must not only comply with the GDPR but be able to demonstrate it with records and policies.
Accountability makes the controller responsible for, and able to demonstrate, compliance with the data-protection principles — through records, policies, DPIAs, training and governance.
It is why documentation (like ROPAs and LIAs) matters: 'we comply' is not enough; you must be able to show it.
In the Regulation
Related terms
Records of Processing ActivitiesThe internal inventory of your processing activities that most organisations must maintain under Article 30.Data Protection Impact AssessmentA structured risk assessment you must run before high-risk processing, to identify and reduce privacy risks.Data controllerThe organisation or person that decides why and how personal data is processed — and carries primary responsibility under the GDPR.
Need this applied to your business?
Our data-protection lawyers turn GDPR terms into a working plan.