The accountability principle in Article 5(2) of the GDPR requires organisations to demonstrate compliance with the principles of the GDPR. Article 24 sets out how organisations can do this by requiring the implementation of appropriate technical and organisational measures to ensure that organisations can demonstrate the processing of personal data is performed in accordance with the GDPR. What appropriate means is largely dependent on the specifics of the individual company. There is no silver bullet. What works for one company does not necessarily work for another, but the obligation to demonstrate compliance exists in all instances and a structured approach to GDPR compliance works for all organisations.
