Accountability

Accountability is an organization's obligation to not only comply with data protection regulations but also to demonstrate that compliance.

Curated by Winners Consulting Services Co., Ltd.

Questions & Answers

What is Accountability?

Accountability is a core principle of the EU GDPR. Under Article 5(2), the data controller (the organization that decides why and how personal data is processed) must not only comply with the data protection principles in Article 5(1) but must also be responsible for, and able to "demonstrate", that compliance. In practice this means establishing and maintaining documented policies, procedures, and records (for example records of processing activities, data protection impact assessments, and breach logs) that can be produced for regulatory review, shifting the organization from passive compliance to active, evidenced responsibility.

Why do Taiwanese companies need to prioritize it?

Although Taiwan's Personal Data Protection Act (PDPA) does not use the term "accountability", it applies a "presumption of fault": in civil claims arising from a data breach, the company bears the burden of proving that it acted without intent or negligence, so it needs documented evidence of the measures it took. The 2023 amendments also raised the maximum fine to TWD 15 million, most notably for failing to adopt appropriate security measures. Furthermore, for businesses in international supply chains such as semiconductors and automotive, or those dealing with EU partners, being able to demonstrate robust data protection capabilities is crucial for securing contracts and trust.

Which ISO standards or international regulations are directly related?

The most directly related regulation is the EU's General Data Protection Regulation (GDPR), specifically Article 5(2). Among ISO standards, ISO/IEC 27701 (Privacy Information Management System, PIMS) is built around accountability: it extends the ISO/IEC 27001 Information Security Management System and the ISO/IEC 27002 controls with privacy-specific requirements for controllers and processors. In ISO/IEC 27001:2022, Annex A control 5.34 (Privacy and protection of PII) specifically addresses the protection of personally identifiable information.

Why choose Winners Consulting?

Winners Consulting is Taiwan's pioneering consultancy integrating enterprise risk management (ERM), industrial engineering, technology law, and data science. Led by a founder with a background in preventive law, our team includes lawyers and ISO Lead Auditors. We help companies integrate the requirements of GDPR and ISO/IEC 27701 into their existing internal control and corporate governance frameworks, building an effective and demonstrable Privacy Information Management System (PIMS) without duplicating effort.
