The TTP Code of Conduct GDPR is based on an accountability process with an unambiguous assessment framework and quality assurance, resulting in different maturity levels. This accountability process is coordinated with the Association IE, of which the (paying) business users of the Trust Network are members, and it gives the individual user considerable reassurance. Companies compare among themselves the extent to which they comply with the legal obligations of the GDPR and also demonstrate this to society with their Accountability Seal in the Accountability Seal Register. This insight covers the company itself as well as the underlying processors and sub-processors of (personal) data. In this way, a chain of trust is created that rests on a verifiable accountability process at manageable cost.
Three assessment frameworks are available to support accountability for compliance with the TTP Code of Conduct GDPR:
- Assessment framework Protection of personal data for the controller.
- Assessment framework Protection of personal data for the processor.
- Assessment framework Information security.
A company may want to use the assessment framework “Protection of personal data for the controller” for several organisational units, such as the Human Resources department and the Debtors department. The same applies to the assessment framework “Information security”.
We note that an assessment framework helps to give direction to a compliance process. However, if users treat an assessment framework merely as a questionnaire to establish that management and security measures are operating effectively, many supervisory authorities will consider this insufficient.