
GDPR Principles

by Adam Brogden
in Blog

12-Mar-2019 10:07

The GDPR regulations are complicated, difficult to interpret, and in most cases impossible to implement with full confidence for any organisation. Here at Optindigo we have worked with over 1000 companies and understand how GDPR applies to almost every type of company. There are a few guiding principles to consider:

Lawfulness, fairness and transparency
Do you have a lawful basis for collecting, storing, and processing the data? Are you being clear about why and how you are processing the data, and is this fair and what the data subject would reasonably expect?

Purpose limitation & Data minimisation
Are you collecting just the data you need in order to complete the processing you have agreed with the data subject? Have you been clear with them and are you only processing as you describe?

Accuracy
Are you maintaining the data correctly, and have you established processes to ensure the data held on any one person is accurate and up to date? Have you established processes to avoid data errors and to avoid duplication and corruption?

Storage limitation
How long are you storing the data? You should be clear with the data subject and ensure that you only hold the data for as long as necessary and for as long as the data subject would reasonably expect. You must not store data indefinitely unless you have a good reason to.

Integrity and confidentiality (security)
You must store the data securely and avoid sharing it with any third party unnecessarily. You must take all reasonable precautions to avoid data breaches, hacks, or malicious attacks that could compromise your security, and you may need to prove that you took those precautions.

Accountability
The Accountability principle represents a significant change from the old DPA: under GDPR, Responsibility and Accountability are better defined, and Accountability, along with fines and other penalties, often rests with the Management and Directors. Where a breach is caused by an admin error or a malicious act, the Accountability will often rest with the senior management team.

These principles should lie at the heart of your approach to processing personal data. Use this list as an acid test to see how well you have adopted the GDPR principles. If you want to discuss them, please feel free to contact us at any time.

Good luck all.