What are the 7 principles of GDPR?

July 17, 2023

Any individual, business or institution doing business with UK citizens is legally compelled to adhere to the data protection handling rules laid out in the UK GDPR. But what is the GDPR and what are the principles underlying its rules and regulations? Read on to find out. 

The 7 Principles at the Heart of the GDPR

Principle #1: Lawfulness

Lawfulness in this case means any data collection activities must comply with one of the following scenarios in order to be legal: 

  • The data subject must have given their consent.
  • Data collection is related to a legal obligation.
  • Data Collection is done in relation to a contract or contract talks.
  • Data is collected to save someone’s life (think medical emergency).
  • Data collection is in the public interest.

Principle #2: Purpose limitations

Purpose limitations refer to why the data is being collected: the purpose of the data collection. Those collecting the data must provide a reason for collecting the data and give a clear indication of what they plan to do with it.

Principle #3: Data minimisation

Those collecting data should not collect more than is absolutely necessary in order to achieve their stated goal. All data collected must also be accurate and relevant to the stated collection goal. Data cannot be collected for the sole reason that it may be useful at some later date.

Principle #4: Accuracy

This principle is widely interpreted as being necessary to stop entities from collecting any old data they can get their hands on. Instead, the data must be accurate and relevant and the data subject must have the ability to have inaccurate data corrected.

Principle #5: Storage limitation

Data cannot be kept for longer than the collector has a legitimate need for it. If, for instance, the original need to collect the data is no longer relevant any data collected for that reason must be destroyed.

Principle #6: Integrity and confidentiality

In short, this principle stipulates that collected data can only be managed or otherwise accessed by those who have a legitimate reason to access it and are fully authorised to do so.

To Learn more, Contact Data Privacy Services

The need to handle personal data in a responsible manner that complies with GDPR regulations is non-negotiable. If you would like to learn more or arrange a consultation with our data privacy experts get in touch with Data Privacy Services today by calling 084 5835 7094.

Request a callback

Schedule a call with us using Microsoft Teams