What are the 7 principles of GDPR?
The GDPR has seven principles that govern the processing of personal data:
- Lawfulness, fairness, and transparency: Personal data must be processed in a way that is legal, fair, and transparent to the individual whose data is being processed.
- Purpose limitation: Personal data must be collected for specific, explicit, and legitimate purposes, and not processed in any way that is incompatible with those purposes.
- Data minimization: Personal data must be adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
- Accuracy: Personal data must be accurate and kept up-to-date, and any inaccurate data must be rectified or erased without delay.
- Storage limitation: Personal data must be kept for no longer than is necessary for the purposes for which it is processed, and must be appropriately safeguarded if stored for longer periods.
- Integrity and confidentiality: Personal data must be processed in a manner that ensures appropriate security, protection against unauthorized or unlawful processing, and protection against accidental loss or damage.
- Accountability: The controller of personal data must be responsible for and able to demonstrate compliance with these principles.