- Lawfully, fairly and in a transparent manner
- For specified, explicit and legitimate purposes
- To the extent adequate and necessary for the processing purposes
- After ensuring accuracy, updating and rectification without delay
- No longer than necessary for the processing purposes
- In a manner ensuring appropriate security
The controller is responsible for, and needs to be able to demonstrate, fulfillment of the six data processing principles:
First, lawfulness, fairness and transparency mean that data need to be processed on a lawful basis, fairly and in a transparent manner, providing the data subject with all the information necessary to exercise data protection rights.
Second, purpose limitation means processing data for legitimate purposes, so that you can explicitly answer why the data are processed. The purposes must be specific enough to tell what data are necessary to fulfil them.
Third, the data minimization principle says: ‘the less data, the better’. If some data are not necessary, do not process them just in case they prove useful in the future.
Fourth, the accuracy principle requires verifying the correctness of personal data and providing an update procedure where necessary. If data turn out to be inaccurate, they must be immediately erased or rectified, according to the processing purposes.
Fifth, storage limitation requires erasing data once they are no longer needed.
Sixth, integrity and confidentiality mean data must be protected against security breaches, with measures adequate to the risks for data subjects.