The General Data Protection Regulation (GDPR) sets out the principles that organisations must follow when processing personal data.
Principles of the GDPR:
The GDPR outlines the basic rules for how companies should handle and protect people's personal information:
- Lawfulness, fairness, and transparency: Organisations must process personal data lawfully, fairly, and in a transparent manner.
- Purpose limitation: Personal data must be collected and processed for specified, explicit, and legitimate purposes.
- Data minimisation: Personal data must be adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
- Accuracy: Personal data must be accurate and kept up to date, with appropriate measures in place to ensure inaccuracies are corrected or erased.
- Storage limitation: Personal data must not be kept for longer than is necessary for the purposes for which it is processed.
- Integrity and confidentiality: Personal data must be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage.
- Accountability: Organisations are responsible for ensuring that they comply with the GDPR and must be able to demonstrate this compliance.