What are the 7 principles of GDPR?

The GDPR has seven principles that govern the processing of personal data:

  1. Lawfulness, fairness, and transparency: Personal data must be processed in a way that is legal, fair, and transparent to the individual whose data is being processed.
  2. Purpose limitation: Personal data must be collected for specific, explicit, and legitimate purposes, and not processed in any way that is incompatible with those purposes.
  3. Data minimization: Personal data must be adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
  4. Accuracy: Personal data must be accurate and kept up-to-date, and any inaccurate data must be rectified or erased without delay.
  5. Storage limitation: Personal data must be kept for no longer than is necessary for the purposes for which it is processed, and must be appropriately safeguarded if stored for longer periods.
  6. Integrity and confidentiality: Personal data must be processed in a manner that ensures appropriate security, protection against unauthorized or unlawful processing, and protection against accidental loss or damage.
  7. Accountability: The controller of personal data must be responsible for and able to demonstrate compliance with these principles.