On June 7, 2016, the EU’s top data protection official Giovanni Buttarelli informed in a Press release that the European Data Protection Supervisor (EDPS) has launched an accountability initiative. The EDPS will visit various EU organizations to educate them about their future accountability under the GDPR. While the accountability initiative is primarily aimed at EU institutions and authorities, it should also serve as an incentive for national data protection authorities.
The GDPR brings with it a shift in accountability and thus a change in culture. EU organizations will increasingly have to take responsibility for data protection and it will be up to them – and not the data protection authorities – to demonstrate compliance. The GDPR enshrines accountability of organizations as a principle and obliges them to implement appropriate technical and organizational measures to ensure the rights of data subjects. For this purpose, the questionnaire developed by the EU Data Protection Officer (EDPS data protection accountability questionnaire) serve as a template.