Basic GDPR Principles (Last updated 1st of September, 2020)
An understanding of basic GDPR principles has become essential since the EU law came into force in 2018. The General Data Protection Regulation (GDPR) is a set of rules adopted by the European Parliament in April 2016. The GDPR came into effect just over two years later, on the 25th of May 2018. The regulation states that any company or individual processing data that can identify a person is also held responsible for the protection of that data. Third parties, such as cloud providers, are not exempt. Every company that wants to do business in an EU country needs to comply. In this short article, we explain the six basic principles of the GDPR.
The Basic GDPR Principles
The principles of the GDPR are focused on the privacy rights of individuals when it comes to collecting and processing their data:
- The Principles of Lawfulness, Fairness, and Transparency: These principles dictate that personal data must be processed lawfully, fairly, and in a transparent manner in relation to the data subject.
- The Principle of Purpose Limitation: The data processors can only use the data for the objectives they’ve explicitly described and justified.
- The Principle of Data Minimization: The required information has to be relevant for its purpose and limited to what is necessary.
- The Principle of Accuracy: If any of the data is inaccurate, it should be removed or rectified.
- The Principle of Storage Limitation: Data is kept in a form which permits identification of persons for no longer than is necessary for the purposes for which the personal data is processed.
- The Principle of Integrity and Confidentiality: This principle requires taking all necessary measures to ensure that personal data is protected.
EXIN Privacy & Data Protection Program
This regulation is stringent. The GDPR specifies that personal data is any information relating to an identified or identifiable person. Organizations need to apply new, higher standards to the way they handle data. Non-compliance with the GDPR may bring hefty fines of up to 4% of the company’s annual global turnover or 20 million Euros, whichever is higher.
The EXIN Privacy & Data Protection Program ensures that your company knows how to comply with the GDPR. Since people at every level of an organization can handle data, all staff need to know the basic GDPR principles and their responsibilities, so that a single act of ignorance or carelessness does not end up costing millions of Euros. The program is especially relevant for data privacy and information security professionals, including Data Officers, Continuity Managers, and Compliance Officers.