gdpr-accountability
Installation
SKILL.md
Implementing GDPR Accountability Framework
Overview
The accountability principle under Art. 5(2) requires controllers to not only comply with data protection principles but to demonstrate that compliance. Art. 24 operationalises this by requiring appropriate technical and organisational measures that can prove compliance, reviewed and updated where necessary. This skill provides a complete framework for building and maintaining the accountability evidence portfolio.
Accountability Documentation Inventory
Tier 1: Governance Documents
| Document | GDPR Reference | Purpose |
|---|---|---|
| Data Protection Policy | Art. 24(2) | Top-level commitment to data protection principles, approved by senior management |
| Data Protection Strategy | Art. 24(1) | Multi-year plan for embedding data protection across the organisation |
| Data Protection Governance Charter | Art. 24(1), 38 | Defines roles, responsibilities, reporting lines, and decision-making authority |
| DPO Appointment and Terms of Reference | Art. 37-39 | Formal appointment, independence, resources, and reporting line |
| Data Protection Training Framework | Art. 39(1)(b) | Training curriculum, frequency, target audiences, and assessment criteria |