1 minute read
7 Key Principles
Overview of practices for the processing of personal data.
We must process data according to the key principles outlined in Article 5.1-2:
1. Lawful, transparent and fair
• Lawful - We must have a valid lawful basis in order to process personal data.
• Transparent - It must be clear to the subject as to how their data will be processed.
• Fair - Processing must match how it has been described to a data subject and not have any hidden tricks.
2. Data accuracy – We must take steps and implement processes to ensure personal data is accurate and, where necessary, stored in a way that allows a user to update or delete the data themselves (securely).
3. Purpose limitations – Personal data can only be obtained for specified, explicit and legitimate purposes. Data can only be used for a specific processing purpose that the subject has been made aware of and no other, without further consent (with some exceptions).
4. Integrity and confidentiality – Process personal data in a manner that ensures appropriate security and protection against unauthorised or unlawful processing, as well as accidental loss, destruction or damage.
5. Storage limitations – Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
6. Data minimisation – Process personal data only when it is adequate, relevant and limited to what is necessary for the purposes for which they are processed.
7. Accountability – We must be able to demonstrate compliance with the other principles. It’s not enough to comply, you must be seen to be complying. The range of processes that organisations must put in place to demonstrate compliance will vary depending on the complexity of the processing.
