GDPR Implementation Guide

Overview

Accountable doesn't cover full GDPR Compliance, however it does help with a lot of the administrative elements, as there is a lot of overlap with what is administratively required under HIPAA Compliance.

Once Accountable is implemented for GDPR, annual maintenance is needed, as GDPR compliance has multiple annual requirements.

Accountable does not cover all requirements under GDPR. Below we list all requirements. Those that we cannot cover under Accountable are marked with a (Not Covered) or (Partially Covered) tag.

Onboarding

Below is our suggested process for onboarding Accountable. It is a 6-step process:

  1. (Not Covered) Assign a Data Protection Officer (DPO)
  2. (Partially Covered) Set up Data Inventory & Mapping
  3. (Not Covered) Record of Processing Activities (ROPA)
  4. (Not Covered) Consent & Cookie Management
  5. Vendor Management
    1. Send Data Processing Agreements (DPAs)
    2. Send Vendor Risk Questionnaires
  6. Create Policies & Procedures
  7. Privacy Center Implementation
  8. Invite your Team and Assign Training, Policy & Procedure Attestation, and Incident Reporting Acknowledgement
  9. Complete a Data Protection Impact Assessment (DPIA)

Additional Implementation

Key Resources

Additional Resources