Skip to the main content

Zbornik Pravnog fakulteta u Zagrebu, Vol. 74 No. 2, 2024.

Original scientific paper

https://doi.org/10.3935/zpfz.74.2.03

Accountability Principle and Appropriate and Effective Measures According to the General Data Protection Regulation

Hrvoje Lisičar ; Faculty of Law, University of Zagreb, Zagreb, Croatia

Full text: croatian pdf 284 Kb

page 217-253

downloads: 0

cite

Abstract

With the adoption of the General Data Protection Regulation (EU) 2016/679 in the legislative framework governing the protection of personal data in the European Union, the legislator introduced as a novelty the principle of accountability. By introducing this principle, the legislator wanted to emphasize the accountability of the controller (and processor) of personal data as the responsible entities for correct and law-compliant handling of personal data processing, which is also aligned with the level of risk for the individual. For the principle of accountability to be realized, the responsible entities must actively implement appropriate and effective measures during the entire period of personal data processing to guarantee compliance with the prescribed rules for the protection of personal data, whereby the burden of proof of the fulfilment of the requirements imposed by the principle of accountability rests with the accountable entities themselves. The paper analyses the reasons that were decisive for the introduction of the principle of accountability in the legislative framework for data protection and its connection with previously established principles that must be applied when processing personal data. Furthermore, the provisions which regulate the implementation of appropriate and effective measures to comply with the requirements of the General Data Protection Regulation are considered. Also, we consider their connection with the level of risk for individual rights, better protection of personal data and the realization of the principle of accountability. Finally, the paper analyses recent decisions of the EU Court, national courts of EU member states, and decisions of competent national regulatory authorities which are related to the application of the principle of accountability in the processing of personal data and the implementation of appropriate and effective measures to comply with the requirements of the Regulation.

Keywords

General Data Protection Regulation; GDPR; data protection; personal data; principle of accountability; technical and organizational measures; data security

Hrčak ID:

319107

URI

https://hrcak.srce.hr/319107

Publication date:

28.6.2024.

Article data in other languages: croatian

Visits: 0 *