
GDPR Information

For businesses


The Seven Data Protection Principles of the GDPR

There are seven data protection principles of the GDPR. The principles are summarized below.

Summary of the seven data protection principles of the GDPR

All processing of personal data must take place in accordance with the seven basic data protection principles of the GDPR. The principles must be taken into account in all processing of personal data, for example in connection with the collection and storage of personal data. Below you can read more about the different principles.


The seven data protection principles of the GDPR

There are seven data protection principles according to the GDPR that must be followed. They are briefly described below.

Lawfulness, fairness and transparency

The personal data controller must ensure that the processing of personal data takes place in a legal and correct manner, and that the processing is carried out in accordance with the GDPR.

According to this principle, the Controller may not hide anything from the data subjects regarding how their personal data is processed. The processing must be characterized by transparency towards the data subjects. This is one of the reasons why the GDPR requires companies and other personal data controllers to write a Privacy Policy. A Privacy Policy must include information about the processing, for instance why it takes place, the storage duration and much more.

Purpose Limitation

The principle of purpose limitation means that personal data may only be used for specific purposes. The principle also means that the Controller must state the purpose of each individual processing of personal data, as well as the duration for which the processing is necessary.

This principle means that it is not permitted to collect personal data without a certain specifically stated purpose. All processing must therefore have a purpose.

Data minimisation

This principle means that the Controller shall only process the personal data that is necessary for the specific chosen purpose of the processing. This means that it is not permitted to process more personal data than what is necessary. The principle of data minimisation means that the amount of personal data that is processed must be limited to what is most necessary. This is positive, as it is easier to handle less personal data, and it is also easier to keep it up to date.

Accuracy

The Controller is responsible for ensuring that the processing of personal data takes place with accuracy. This means that any personal information that is incorrect must be corrected or deleted.

The GDPR requires accuracy regarding all personal data. Every reasonable step must be taken to correct incorrect information, or to erase personal data that is incorrect.

Storage limitation

The principle of storage limitation means that personal data must be erased (deleted) when it is no longer necessary for the purpose for which it was collected. The Controller must, for example, keep a logbook and note performed erasures in the logbook. Such a logbook proves that the company complies with the GDPR. Erasure can take place from the different types of storage spaces where personal data can be found, for instance internal registers and systems, computers, e-mail, telephone directories, physical documents, etc.

Integrity and confidentiality

This principle means that the Controller must ensure that the processing of personal data takes place in a way that ensures appropriate security, including protection against illegal or unauthorized processing. In addition, the Controller must ensure protection against unintentional loss, damage or destruction of personal data. The Controller does this by implementing various technical and organizational security measures, for example by introducing safety routines that the staff in the company must follow. Such internal routines must also be documented in writing.

An organizational security measure can be, for example, to carry out password changes in all internal systems and registers as well as work computers, telephones, etc.

A technical security measure can be, for example, to install different types of digital antivirus software, backup systems etc.

Accountability principle

The principle of accountability means that the Controller is obliged to comply with all the above data protection principles. This must be fulfilled in each individual case and in all processing of personal data.

An important part of this principle is about being able to prove that all data protection principles according to the GDPR are followed. This can be done by writing and documenting the internal routines that apply during data erasure, collection, storage, etc.

In addition, all employees must follow such internal procedures and be familiar with the provisions of the GDPR. A data protection policy, or Privacy Policy, is also important to have. It explains to the data subjects how their personal data is processed and what rights they have.

Ensure that the company follows the principles

Use a checklist to ensure that your company follows the seven GDPR principles.

Create a checklist for your company

It is important to ensure that the company and its employees comply with the above data protection principles in accordance with the GDPR. This applies to all processing of personal data and it is important that all employees have knowledge of the data protection principles and the GDPR. One tip is to establish routines that the company can use to check that the employees and the company follow the principles when processing personal data. For example, creating a checklist can make it easier.

The checklist should include information on the following:

– The purpose of the processing.

– The legal basis on which the processing is based.

– Whether the data subject has been informed of the processing or not.

– Whether the accuracy of the information has been checked.

– Results of security analysis regarding the protection of personal data.

– The routine for deleting personal data.

– The documents and agreements that prove that the company complies with the terms of the GDPR.

www.GDPRINFORMATION.com

© 2023 GDPR Information
