Guidelines 07/2020 on the concepts of controller and processor in the GDPR
1 GENERAL OBSERVATIONS
6. The GDPR, in Article 5 (2), explicitly introduces the accountability principle which means that:
the controller shall be responsible for the compliance with the principles set out in Article 5 (1) GDPR; and that
the controller shall be able to demonstrate compliance with the principles set out in Article 5 (1) GDPR. This principle has been described in an opinion by the Article 29 WP and will not be discussed in detail here.