Meeting the (legal) accountability obligation
The users of the Trust Network manage their reputation by sharing confidential, reliable and available company and personal data. The company shares some of this data with the public. In addition, the company shares another part with its partners if they also share their data with the company. It is essential for the added value of sharing company and personal data that this data has a demonstrable quality.
The legislator sets requirements for the protection of data, in particular personal data. Companies have an accountability obligation, as referred to in Article 5, paragraph 2 of the GDPR. MYOBI uses this accountability to organise compliance with legal and contractual obligations, particularly the TTP policy. The TTP Code of Conduct GDPR is part of the TTP policy. MYOBI facilitates the users of the network with a practical compliance approach.
What are the benefits?
Organizing accountability compliance is a challenge for companies. Organizing accountability compliance across a network by all collaborating partners is virtually impossible. This is only possible with the intervention of a trusted third party.
MYOBI, in the role of a trusted third party, facilitates companies in organizing their internal and external accountability. Central to this is a practical compliance approach, which is aimed at meeting the obligations of the TTP policy, the TTP Code of Conduct GDPR and other legal and contractual obligations.
1. Practical compliance approach
MYOBI has developed a practical and cost-effective compliance approach for companies. Read more about the compliance approach in the business knowledge base.
2. Association IE
The association has drawn up the TTP Code of Conduct GDPR and has asked MYOBI to organize compliance with the code of conduct in an accessible manner. Read more in the business knowledge base about Association IE.
3. Dispute Resolution
MYOBI facilitates its users with a practical and cost-effective method of dispute resolution based on mediation. Read more in the corporate knowledge base, dispute resolution.
Download the factsheet
A further explanation has been elaborated in a the factsheet.
The five maturity levels
The board of directors and management of a company account for themselves in a self-declaration about effective compliance with the TTP policy, in particular the TTP Code of Conduct GDPR. In doing so, management also fulfills its legal accountability for protecting personal data.
In the self-declaration, the leadership indicates with an Accountability Seal the company’s level of maturity for data protection and information security.
MYOBI provides a detailed explanation of the compliance approach and accountability on the corporate knowledge base.
Frequently Asked Questions
We can say that the compliance approach is aimed at a periodic (at least annual) accountability of the company management about the organization of compliance with legal and contractual obligations, in particular the TTP policy. effectively complies with the company's legal obligation (Article 5(2) of the GDPR) and at the same time fulfills the obligations of the TTP policy. It is an explicit audit of compliance with the assurance statement of results. An assurance statement from a Chartered Accountant from an EDP Auditor is not required.
Read more here.
A company must comply with legal accountability and also wants to demonstrate that it is demonstrably fulfilling its contractual obligations. In addition, a company will want to protect its reputation and inform its partners about the reliability of its business and personal data.
It is relevant that a business user periodically accounts for the effective protection of company and personal data. Conversely, the business user's partner also wishes to be informed about the degree of protection of his business and personal data.
An Accountability Seal, which is established periodically by the company management and is included in a freely accessible register, provides the necessary functionality to provide that information. Society (for example partners, persons, supervisors and third parties) gets an impression of the quality of the business and personal data managed by a company.
Read more here.
A company uses the MYOBI compliance approach for accountability. In doing so, the company organizes its compliance with legal and contractual obligations in the field of data protection, in particular the TTP policy, which includes the TTP Code of Conduct GDPR. This compliance approach aligns with other common accountability obligations and follows a proven process.
In discussions with company management, department management and other employees of the organization, MYOBI's compliance employees refer to the compliance process described here.
Every year, MYOBI helps business users with this compliance approach. She facilitates the compliance process that ultimately results in an Accountability Seal. MYOBI records the Seal and publishes it on its website. The responsibility for meeting accountability rests with senior management and management. The DPO of the company confirms the outcome of the justification by the company management. MYOBI helps with methods, techniques and a process. The compliance professionals perform a plausibility test aimed at reconfirming accountability.
Read more here.
The users of information ecosystems have united in the Association of participants in an Information Ecosystem (hereinafter VIE). Anyone who is a business (not aspiring) user of the trust network automatically becomes a member of this association. VIE has contributed to the development of the TTP Code of Conduct AVG. MYOBI has included the code of conduct in the TTP policy and facilitates companies to organize the application of this code of conduct in the accountability process.
Read more here.