Original scientific paper
https://doi.org/10.3935/zpfz.74.2.03
Accountability Principle and Appropriate and Effective Measures According to the General Data Protection Regulation
Hrvoje Lisičar
Faculty of Law, University of Zagreb, Zagreb, Croatia
Abstract
With the adoption of the General Data Protection Regulation (EU) 2016/679 in the legislative framework governing the protection of personal data in the European Union, the legislator introduced as a novelty the principle of accountability. By introducing this principle, the legislator wanted to emphasize the accountability of the controller (and processor) of personal data as the responsible entities for correct and law-compliant handling of personal data processing, which is also aligned with the level of risk for the individual. For the principle of accountability to be realized, the responsible entities must actively implement appropriate and effective measures during the entire period of personal data processing to guarantee compliance with the prescribed rules for the protection of personal data, whereby the burden of proof of the fulfilment of the requirements imposed by the principle of accountability rests with the accountable entities themselves. The paper analyses the reasons that were decisive for the introduction of the principle of accountability in the legislative framework for data protection and its connection with previously established principles that must be applied when processing personal data. Furthermore, the provisions which regulate the implementation of appropriate and effective measures to comply with the requirements of the General Data Protection Regulation are considered. Also, we consider their connection with the level of risk for individual rights, better protection of personal data and the realization of the principle of accountability. Finally, the paper analyses recent decisions of the EU Court, national courts of EU member states, and decisions of competent national regulatory authorities which are related to the application of the principle of accountability in the processing of personal data and the implementation of appropriate and effective measures to comply with the requirements of the Regulation.
Keywords
General Data Protection Regulation; GDPR; data protection; personal data; principle of accountability; technical and organizational measures; data security
Hrčak ID: 319107
Publication date: 28.6.2024.