The accountability principle signifies a step change in data protection legislation. This principle requires organisations to be able to demonstrate their adherence to the data protection principles, which in turn means they now need to better understand personal data risk and how it can be mitigated.
In order to demonstrate accountability, an organisation must now maintain records of how it meets all of the principles, plus how it maintains the rights of the data subject. For larger organisations the regulation mandates the documentation of activities in the record of processing activities; however, smaller organisations also need to be able to demonstrate accountability, so understanding how you process personal data is an important step towards demonstrating accountability.
Previous legislation did not contain an accountability principle, which meant that regulators would only be able to enforce any action if an issue were to arise. The new principle now provides for the supervisory authority to review an organisation's practices without any issue being identified.