The six data protection principles:
Being GDPR (General Data Protection Regulation) compliant, especially for small establishments, is not as easy as it may seem. With limited resources to appoint data protection experts to guide them through the compliance process, small establishments seek direction from the GDPR guideline.
There are many requirements for data protection. However, the GDPR emphasizes six major data protection principles that it deems particularly useful.
In this blog, we will take a look at each principle and describe it briefly:
1. Lawfulness, fairness, and transparency
Taking responsibility for how you process personal data is vital. Therefore, it is crucial to mention what type of data you collect and why you manage it.
Documenting procedures and routines related to data collection, anonymization, and minimization are most important in compliance, for compliance is transparency.
2. Purpose limitation
As the naming indicates, purpose limitation is gathering data for a clear purpose within a limited time frame of completing the objective. For example, a customer has subscribed to the regular monthly newsletter, but you use his mail address to send them other advertising.
3. Data minimization
Minimization is all about collecting minimum personal information to accomplish a specific purpose, and a data collector will be assigned for this purpose. The collection will be done by the appointed data collector and should retain the time it takes to complete a particular purpose. If you want to create a birthday calendar in your company so you know in advance who to congratulate next week? Great idea! But here, it's not necessary to also share the year of birth company-wide.
4. Accuracy
Collecting accurate personal data is critical.
The GDPR ensures that all data collected is correct and rectifies or erases all inaccurate data.
5. Storage limitation
Like data limitation and accuracy, data should be stored within a specific time frame or time limit. It is the responsibility of establishments to review any unnecessary data stored for an extended time beyond the intended use. If a customer unsubscribes from your newsletter, you must delete their email address immediately.
6. Integrity and confidentiality
By integrity and confidentiality, we mean limiting access to information and guaranteeing that the information is reliable and correct.
Accountability comes as an additional seventh principle, summarising the six main principles in one.
Having the necessary documentation in place to ensure data protection compliance.
These documentations mainly consist of technical measures, including but not limited to:
Compliance routines and policies
Maintaining electronic records of processing activities
Checklist for processors
Privacy notices
Staff training records
Data breach records
Data protection impact assessment not handling data will probably cost a company financial penalties or its reputation.
Not handling data will probably cost a company financial penalties or its reputation.
Financial penalties for companies who fail to comply or face a data breach could reach up to 20 million euros or 4% of company turnover. However, there are significant facts to deliberate before being heavily penalized, the severity and duration of the breach, the intentionality or negligence behind the violation, the type of personal data involved…
A harmed reputation might be the cause of considerable damage. But unfortunately, a company’s damaged reputation goes beyond repair. For this reason, handling data according to the data protection principles is essential and minimizes the risk of data misuse. Letting your teams in on how to handle data and training your employees can be put into place to avoid any damage to corporate reputation.
Andreas Springer _Actonic_
Head of Marketing
Actonic GmbH
Germany
2 accepted answers
0 comments