6 Basic Principles of the GDPR

The General Data Protection Regulation (GDPR) is a new set of rules created by the European Parliament in April 2016. Under this regulation, any company or individual that processes data by which an individual can be identified is also held responsible for the protection of that data. This includes third parties such as cloud providers. Every company that wants to do business in an EU country needs to comply. In this blog, the 6 basic principles of the GDPR are explained.

The GDPR's Basic Principles

The principles of the GDPR are focused on the privacy rights of every person when it comes to collecting and processing their data:

  1. The Principles of Lawfulness, Fairness, and Transparency: These dictate that personal data must be processed lawfully, fairly, and in a transparent manner in relation to the data subject.
  2. The Principle of Purpose Limitation: Data processors may only use the data for the objectives they have explicitly described and justified.
  3. The Principle of Data Minimization: The data that is collected has to be relevant for its purpose and limited to what is necessary for that purpose.
  4. The Principle of Trueness and Accuracy: If some of the data is inaccurate, it must be removed or rectified.
  5. The Principle of Storage Limitation: Data is kept in a form that permits identification of persons for no longer than is necessary for the purposes for which the personal data is processed.
  6. The Principle of Integrity and Confidentiality: This principle requires taking all necessary measures to ensure that all personal data is protected.

EXIN Privacy & Data Protection Program

This regulation is very strict. The GDPR specifies that personal data is any information relating to an identified or identifiable person. Organizations need to apply new, better standards in the way they handle data. Non-compliance with the GDPR may bring hefty fines of up to 4% of the company's annual global turnover or 20 million Euros, whichever is higher.

The EXIN Privacy & Data Protection Program ensures that your company is ready for the GDPR. Since data in an organization is handled at multiple levels, all staff need to know what their responsibilities are, to avoid a situation where one act of ignorance can cost the company millions of Euros. Those responsible for implementing this program include, but are not limited to, Data Officers, Continuity Managers, and Compliance Officers.

Because Privacy & Data Protection is a requirement for all organizations, it is good to thoroughly acquaint yourself with these basic principles.