GDPR Data Collection Principles
Punit Bhatia
15 years: Data privacy & GDPR
In video 7 of this 10-part series, Punit talks about the key principles for the processing of personal data and why they form a key part of the GDPR legislation. Though these are not hard rules, they are principles that all companies should follow to ensure they are in keeping with the spirit of data protection.
11 mins 15 secs
Key learning objectives:
Identify the key principles for the processing of personal data
Explain each of the key principles in detail
Overview:
The data protection principles are the core of GDPR and define the spirit of processing of personal data in the GDPR regime. The principles are set out right at the start of the GDPR legislation and form the basis of everything that follows. Organisations intending to comply with EU GDPR should make their plans in alignment with the spirit of these principles; failure to comply with the principles can lead to significant fines.
What are the key principles for the processing of personal data?
The GDPR sets out seven key principles:
1. Lawfulness, fairness and transparency - The organisation must ensure that it does not do anything that contradicts any of the laws. It must use personal data in a way that is fair and must be clear, open and honest with people from the start about how their personal data will be used.
2. Purpose limitation - The organisation must be clear about what the purposes for processing are from the start. Purpose limitation also implies that an organisation can only use the personal data for a new purpose if one of the following applies:
- The new purpose is compatible with the original purpose
- The organisation has obtained the consent of the individual
- There is a clear obligation that is set out in law
3. Data minimisation - This principle requires collecting only the minimal amount of data that is absolutely necessary for the purpose of processing.
4. Accuracy - This principle requires that organisations take all reasonable steps to ensure the personal data they hold is not incorrect or misleading as to any matter of fact. When a company determines that personal data is inaccurate or deceptive, it must take appropriate action to correct or delete it as soon as possible.
5. Storage limitation - This requires that organisations must not keep personal data for longer than is necessary. For example, when a client has stopped using all the products from your company, it is not necessary that you keep storing their data 20 years after they have left.
6. Integrity and confidentiality (security) - The ‘integrity and confidentiality’ principle of the GDPR is also known as the security principle, as it is all about the measures an organisation takes. This principle concerns the privacy of personal data: organisations must have adequate security measures in place to protect the personal data they possess.
7. Accountability - The accountability principle requires organisations to take responsibility for what they do with personal data and how they comply with the other principles.