The Information Commissioner of the Isle of Man has issued guidance on “accountability” under GDPR. Being accountable means that all processing of personal data should be subject to overview, governance, and demonstrable compliance.
Regular monitoring, review and revision is required to ensure that processes, procedures and documentation remain fit for purpose, reflect the realities of the processing undertaken, and are adhered to by staff, processors and others. Accountability is, therefore, a continuous process of evidencing compliance and not a one-off exercise.