The Seven Data Protection Principles of the GDPR

There are seven data protection principles of the GDPR. The principles are summarized below.

Summary of the seven data protection principles of the GDPR

All processing of personal data must take place in accordance with the seven basic data protection principles according to the GDPR. The principles must be taken into account in all processing of personal data. For example, in connection to collection and storage of personal data. Below you can read more about the different principles.

The seven data protection principles of the GDPR

There are seven data protection principles according to GDPR that must be followed. And they are briefly described below.

Lawfulness, fairness and transparency

The personal data controller must ensure that the processing of personal data takes place in a legal and correct manner. Also, that the processing is made in accordance with the GDPR.

According to this principle, the Controller may not hide anything from the data subjects, regarding how their personal data is processed. The processing must be characterized by transparency towards the data subjects. This is one of the reasons why the GDPR requires companies and other personal data controllers to write a Privacy Policy. A Privacy Policy must include information about the processing. For instance, why it takes place, storage duration and much more.

Purpose Limitation

The principle of purpose limitation means that personal data may only be used for specific purposes. The principle also means that the Controller must state the purpose of each individual processing of personal data. Also, the duration for which the processing is necessary.

This principle means that it is not permitted to collect personal data without a certain specifically stated purpose. All processing must therefore have a purpose.

Data minimisation

This principle means that the Controller shall only process the personal data that is necessary for the specific chosen purpose of the processing. This means that it is not permitted to process more personal data than what is necessary. The principle of data minimization means that the number of personal data that is processed must be minimized to the most necessary. This is positive, as it is easier to handle fewer personal data. And it is also easier to keep them up to date.

Accuracy

The Controller is responsible for ensuring that the processing of personal data takes place with accuracy. This means that any personal information that is incorrect, must be corrected or deleted.

The GDPR requires accuracy regarding all personal data. And every reasonable step must be taken to correct incorrect information, or to erase personal data that is incorrect.

Storage limitation

The principle of storage limitation means that personal data must be erased (deleted), when they are no longer necessary for the purpose for which they were collected. The Controller must, for example, keep a logbook and note performed erasures in the logbook. Such logbook proves that the company complies with the GDPR. For example, erasure can take place from different types of storage spaces, where personal data can be found. For instance, from internal registers and systems, computers, e-mail, telephone directory, physical documents, etc.

Integrity and confidentiality

This principle means that the Controller must ensure that the processing of personal data takes place in a way that ensures appropriate security. Also, including protection against illegal or unauthorized processing. In addition, the Controller must ensure protection against unintentional loss, damage or destruction of personal data. This will be done by the Controller in charge implementing various technical and organizational security measures. For example, this can be done by introducing safety routines that the staff in the company must follow. Also, such internal routines must be documented in writing.

An organizational security measure can be, for example, to carry out password changes in all internal systems and registers as well as work computers, telephones, etc.

A technical security measure can be, for example, to install different types of digital antivirus software, backup systems etc.

Accountability principle

The principle of liability means that the Controller is obliged to comply with all the above data protection principles. This must be fulfilled in each individual case and in all processing of personal data.

An important part of this principle is about being able to prove that all data protection principles according to the GDPR are followed. This can be done by writing and documenting the internal routines that apply during data erasure, collection, storage, etc.

In addition, all employees must follow such internal procedures and be familiar with the provisions of the GDPR. A data protection policy, or Privacy Policy, is also important to have. It explains to the data subjects, how their personal data is processed and what rights they have.

Ensure that the company follows the principles

Use a checklist to ensure that your company follows the seven GDPR principles.

Create a checklist for your company

It is important to ensure that the company and its employees comply with the above data protection principles in accordance with the GDPR. This applies to all processing of personal data and it is important that all employees have knowledge of the data protection principles and the GDPR. One tip is to establish routines that the company can use to check that the employees and the company follow the principles when processing personal data. For example, creating a checklist can make it easier.

The checklist should include information on the following:

– The purpose of the processing.

– What legal basis that the process is based on.

– Whether the data subject has been informed of the processing or not.

– If the accuracy of the information has been checked.

– Results of security analysis regarding the protection of personal data.

– The routine for deleting personal data.

– The documents and agreements that prove that the company complies with the terms of the GDPR.

Summary of the GDPR for Companies, Entrepreneurs and Businesses

There is a lot of information about the GDPR that is important for companies, entrepreneurs and businesses to know about. We have therefore written a GDPR Summary and mention various key elements. Therefore, we are able to provide an overview of the GDPR, what it means and what companies must do to comply with the EU regulation.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_gtag_UA_137823009_5	1 minute	This cookie is set by Google and is used to distinguish users.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.