The General Data Protection Regulation (GDPR) sets out the principles that organisations must follow when processing personal data.

Principles of the GDPR:

The GDPR outlines the basic rules for how companies should handle and protect people's personal information:


  • Lawfulness, fairness, and transparency: Organisations must process personal data lawfully, fairly, and in a transparent manner.


  • Purpose limitation: Personal data must be collected and processed for specified, explicit, and legitimate purposes.


  • Data minimisation: Personal data must be adequate, relevant, and limited to what is necessary for the purposes for which it is processed.


  • Accuracy: Personal data must be accurate and kept up to date, with appropriate measures in place to ensure inaccuracies are corrected or erased.


  • Storage limitation: Personal data must not be kept for longer than is necessary for the purposes for which it is processed.


  • Integrity and confidentiality: Personal data must be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage.


  • Accountability: Organisations are responsible for ensuring that they comply with the GDPR and must be able to demonstrate this compliance.

