The EU General Data Protection Regulation (GDPR) came into force in May 2018. The new regulation reinforces local European data protection legislation and aligns regulators under one authority. The 6 GDPR principles emphasise its aim to drive compliance. Organisations can use them as a guide to managing personal data in the best way possible.
THE SIX PRINCIPLES OF GENERAL DATA PROTECTION REGULATION ARE:
1. LAWFULNESS, FAIRNESS, AND TRANSPARENCY
The processing of personal data must be done lawfully, fairly and transparently. To remain lawful, you need to have an in-depth understanding of the GDPR and also make sure none of your data collection practices are hidden from data subjects.
Fairness means handling personal data in ways that users would expect. Personal data may sometimes be used in a way that negatively affects an individual without this necessarily being unfair.
In order to maintain transparency in processing data, you should state the type of data you collect and the reason you are collecting it in your privacy policy.
2. PURPOSE LIMITATIONS
Organisations may collect personal data only for specific, explicit and legitimate purposes. The data can only be used for the described purposes. If you plan to use or disclose the personal data for any purpose that is different from the originally specified purpose, ensure that the usage is justified and that you have the necessary documentation to specify your purposes.
3. DATA MINIMISATION
Make sure you use only the least amount of personal data needed to fulfil your purpose. If you do not need it, do not collect it. If you are holding additional data that is not necessary for your purpose, this is likely to be unlawful and is also considered a breach of the data minimisation principle.
4. ACCURACY
Accuracy of personal data is of utmost importance. There should be zero tolerance for inaccurate data, and any error in personal data should be rectified as soon as it becomes known. The General Data Protection Regulation states that “every reasonable step must be taken” to rectify data that is inaccurate or incomplete. Users also have the right to request that inaccurate or incomplete data be erased.
5. STORAGE LIMITATION
Do not hold on to data that is no longer required for the defined purposes. It is also important for organisations to securely remove the data when it is no longer necessary.
6. INTEGRITY AND CONFIDENTIALITY
This principle deals explicitly with security. The confidentiality and integrity of the personal data must always be maintained. Encrypted data remains confidential and maintains its integrity even if it falls into the wrong hands. Additional measures must be taken to protect against unlawful processing and accidental damage.
By enrolling in the GDPR online training course, you will learn how to lead data protection enforcement across your organisation. Some of the benefits of enrolling in this course are: