Page 4 - TASIS GDPR FAQs
DRAFT: TASIS GDPR FAQs
are and how we will meet them.
What is the “Accountability Principle” related to GDPR?
It’s about demonstrating our compliance with the GDPR. To show compliance, we must:
• Implement appropriate technical and organisational measures.
• Maintain documents on our processing activities.
Simply put, with regard to Personal Data, we must be able to evidence:
• what we hold;
• how it was obtained;
• why we process it;
• our legal basis for processing it;
• where and how it is stored;
• what security measures we have in place;
• who can access it, and why; and
• how long we retain it for and how we destroy it.
What is “Privacy by design”?
It’s how we consider data protection before implementing a process, be it technical or organisational.