1. GDPR principles explained
Welcome back! The GDPR principles are the core pillars of GDPR implementation and guide your approach to data protection and compliance.
2. What are they?
The GDPR principles are not entirely new. They are built upon earlier laws, and you can also recognize many of them in other data protection and privacy laws.
Article 5 sets out the seven principles of GDPR - Lawfulness, fairness and transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality, and accountability.
Let's explore what each principle means.
3. Lawfulness, fairness, and transparency
First and foremost, personal data should be processed lawfully, fairly, and transparently.
Lawfulness requires that you have at least one of the six legal bases set by GDPR to process personal data. We'll learn all about GDPR legal bases in the following video.
Your processing must be fair; that is, you will handle the personal data of individuals with a reasonable fairness level expected by them.
You also need to be transparent about how you will use the data.
Fairness and transparency are integral to data subject rights, which we will also discuss more.
4. Purpose limitation
The purpose limitation principle limits how controllers can use personal data. Personal data must be collected for a specific purpose and should not be used or processed for other purposes incompatible with the original.
For example, A doctor's wife runs a small travel agency. The doctor has patient data for treatment purposes and shares the list of recently discharged patients with his wife. His wife then sends the discharged patients recuperative get-well travel package promotions. Here you can see that the secondary use of data was incompatible with the original purpose of treatment.
5. Data minimization
The data minimization principle requires that personal data collection should be adequate, relevant, and limited to what is necessary. Don't collect excessive data or collect data just in case for the future, but only collect the right amount you need for your purpose.
6. Accuracy
When you collect personal data, you have to ensure that it is accurate and not misleading. You also need to keep the data up-to-date. For example, like verifying the accuracy of your client's addresses periodically.
7. Storage limitation
The storage limitation principle limits the retention period of personal data. You are not allowed to keep personal data indefinitely, and should indicate a time limit for retention. However, there are exceptions for personal data necessary for research purposes or valuable for statistical purposes.
8. Integrity and confidentiality
The integrity and confidentiality principle is also known as the security principle. Personal data should be processed in a manner that ensures appropriate security of the personal data. We will explore further about implementing the security of processing in the coming videos.
9. Accountability
The accountability principle of GDPR is an overarching principle that states that the data controller shall be responsible for and be able to demonstrate compliance with the six principles discussed so far. To recap the six principles we have discussed so far: Lawfulness, fairness and transparency, Purpose limitation, Data minimization, Accuracy, Storage limitation, and Integrity and confidentiality.
10. Let's practice!
Even before looking into the various GDPR, the first step, rather a go-no-go moment for data processing, is whether you have a lawful basis for collecting and processing personal data. In the following video, we'll learn about the six legal bases of GDPR. But first, let's test your newly acquired knowledge of GDPR principles.