Accountability
The GDPR establishes the general level of responsibility that data controllers, such as entities and public administrations, have for any processing of personal data that data controller carry out directly, or that others have carried out on their behalf.
In particular, the data controllers are not only required to put adequate and effective measures in place but must also be able to demonstrate the compliance of their processing activities with the GDPR itself.
In practice, in the application of the principle of subsidiarity, each owner is called to set, within their organization, the rules (both technical and organizational) to integrate the general principles of the GDPR into business processes. For example, they must adopt internal processing policies and demonstrate the implementation of these policies.
Both entities and PAs perform this delicate function through the people who naturally exercise the function of the owner, that is, through the C-LEVEL or...
