The General Data Protection Regulation (GDPR), which comes into force on 25 May 2018, introduces a number of principles relating to processing of personal data which businesses and organisations are obliged to comply with. These principles are outlined in Article 5 of GDPR. Let’s look at the principles in more detail.
The Principle of Lawfulness
You can probably understand what the principle of lawfulness refers to, without much explanation. It covers the fact that all businesses and organisations that process the personal data of people who live within the EU must have a legal reason for doing so. GDPR details what the legal grounds are, and what the elements of lawfulness are.
The Principle of Fairness
The principle of fairness is bundled with the principle of lawfulness. This principle means that there needs to be a fair balance when it comes to what personal data is processed, how it is processed and what the business or organisation has promised with regard to processing.
The Principle of Transparency
This principle is the final one of the initial bundle of three principles. The transparency principle means that businesses and organisations have to be completely clear and open about how and why they process personal data.
The Principle of Purpose Limitation
This principle deals with the fact that personal data should only be processed for specified reasons and that it should not be processed in a way that is not compatible with these original reasons.
The Principle of Data Minimisation
In order to comply with this principle of GDPR, businesses and organisations must only process the personal data that is required. This means that they have to stick within the requirements of the purpose when deciding whether or not items of personal data are required.
The Accuracy Principle
As you can probably imagine, this principle refers to making sure that any personal data which is processed is accurate. It also deals with the fact that personal data must be kept up to date and erased or amended where necessary.
The Principle of Storage Limitation
In order to comply with this principle, businesses and organisations must only store personal data when it is necessary to do so. This means that once the purpose for storing personal data has expired, the data should be deleted, unless there is another legally valid reason for storing it.
The Principle of Integrity and Confidentiality
This is the GDPR principle which talks about security. This principle dictates that personal data needs to be processed in such a way that the privacy and rights of individuals are protected and that measures need to be in place to ensure that this happens.
The Principle of Accountability
The final principle of GDPR deals with accountability. This means that it covers all of the other principles and how controllers and processors are accountable for ensuring that they are adhered to.
It is vital that businesses adhere to these principles as non-compliance with GDPR can lead to the imposition of fines and other sanctions.