Boddy Matthews

Accountability and Governance


Accountability is at the heart of the objectives of the new General Data Protection Regulation (GDPR). Your organisation will need to be able to demonstrate that it values personal data and will ensure its protection. Compliance with the protections created by the GDPR is key. Data protection should not be a box-ticking exercise. It is a positive step towards the continued success of your business, particularly in helping you to control and process data in a coherent and secure manner.

The proliferation of data and its use, the advent of artificial intelligence, and other aspects of sharing data in the UK and across borders ensure continued successful connectivity. The GDPR framework is a welcome means of establishing an element of control.


My organisation takes data protection seriously, but how do I show it?

  • Educate the board and senior management:
    • Data protection officers must report directly to the highest management level of the organisation. Buy-in from the top is crucial.
  • Allocate time, responsibility and money to ensure data is protected:
    • Consider whether you are obliged to appoint a data protection officer and, if not, whether you may appoint an informal one in any event.
    • Ensure the ongoing success of your commercial relationships.
  • Implement an appropriate training programme on data protection:
    • Ensure that training is specific to your organisation as well as covering general data protection areas.
    • Review your policies and procedures regularly and ensure employees are familiar with them.
  • Demonstrate compliance:
    • Carry out frequent, ongoing data audits to understand what data you hold and how you hold it, and review data protection policies.
    • Identify where personal data is processed and how information will be kept up to date. Maintain internal records of all processing activities.
    • Maintain an internal breach register.
    • Where appropriate, implement technical and organisational measures, e.g. pseudonymisation.
  • Consider carrying out Privacy Impact Assessments (PIA):
    • Whilst not mandatory for all organisations, carrying out a PIA will help demonstrate accountability.
    • Assess the risks to the rights of data subjects and the measures to address those risks.
  • Demonstrate consent:
    • Where relying on consent for processing data, record the individual consent and the subject of it.
