Article 24 - Responsibility of the controller

Article 24 obliges the data controller to adopt appropriate technical and organisational measures to ensure and be able to demonstrate compliance with the GDPR. The controller must maintain records, monitor processing activities and regularly assess the effectiveness of its data-protection policies. This responsibility includes updating measures as needed to address emerging risks.