Accountability Principle

The accountability principle is codified in Art. 5(2) GDPR and requires data controllers to demonstrate compliance with all data-protection principles. In practice this means that being compliant is not enough — you must also document it. Typical evidence includes records of processing activities, data-protection impact assessments, training records, and audit reports. In an ISMS, structured document management directly supports the accountability principle. Missing documentation can lead to fines during a supervisory audit, even if the actual measures were in place.