Under the EU General Data Protection Regulation (GDPR), responsibility and accountability is one of the main requirements, and one that deserves attention and elaboration. It includes stating the retention time for personal data and making available the contact information for the data protection officer (DPO) and the data controller.
Automated decision-making about individuals, such as profiling, is made contestable. Residents now have the right to question and contest decisions that affect them and that were made on a purely algorithmic basis.
Privacy by design and by default, as stated in Article 25, requires that data protection be built into the development of business processes for products and services. Privacy settings must be set at a high level by default.
Data Protection Impact Assessments, as stated in Article 35, must be conducted when specific risks arise to the rights and freedoms of data subjects. Risk assessment and mitigation are required, and the support of the Data Protection Authorities (DPAs) is needed when high risks occur. Data protection officers are to ensure compliance within organizations.
Under the regulation's responsibility and accountability requirement, data protection officers must be appointed:
· For all public authorities, except courts acting in their judicial capacity.
· If the main activities of the controller or processor consist of:
1. Processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale.
2. Processing on a large scale of the categories of data pursuant to Article 9 and of personal data relating to criminal convictions and offences referred to in Article 10.