Lawfully, fairly and in a transparent manner
For specified, explicit and legitimate purposes
To the extent adequate and necessary for processing purposes
After ensuring accuracy, updating and rectification without delay
No longer than necessary for processing purposes
In a manner ensuring appropriate security
The controller is responsible for, and needs to be able to demonstrate, fulfillment of six data processing principles:
First, lawfulness, fairness and transparency mean that data need to be processed on a lawful legal basis, fairly and in a transparent manner, providing the data subject with all the information necessary to exercise data protection rights.
Second, purpose limitation means processing data for legitimate purposes, so that you can explicitly answer why the data are processed. The purposes must be specific enough to tell what data are necessary to fulfil them.
Third, the data minimization principle says: ‘the less data, the better’. If some data are not necessary, do not process them just in case they are useful in the future.
Fourth, the accuracy principle requires verifying the correctness of personal data and providing an updating procedure if necessary. If data turn out to be inaccurate, they must be immediately erased or rectified, according to the processing purposes.
Fifth, storage limitation requires erasing data once they are no longer needed.
Sixth, integrity and confidentiality mean data must be protected against security breaches, with measures adequate to the risks for data subjects.
Table of contents:
Self-implement GDPR in 16 steps: