Any individual, business or institution doing business with UK citizens is legally compelled to adhere to the data protection handling rules laid out in the UK GDPR. But what is the GDPR and what are the principles underlying its rules and regulations? Read on to find out.
The 7 Principles at the Heart of the GDPR
Principle #1: Lawfulness
Lawfulness in this case means any data collection activities must comply with one of the following scenarios in order to be legal:
- The data subject must have given their consent.
- Data collection is related to a legal obligation.
- Data Collection is done in relation to a contract or contract talks.
- Data is collected to save someone’s life (think medical emergency).
- Data collection is in the public interest.
Principle #2: Purpose limitations
Purpose limitations refer to why the data is being collected: the purpose of the data collection. Those collecting the data must provide a reason for collecting the data and give a clear indication of what they plan to do with it.
Principle #3: Data minimisation
Those collecting data should not collect more than is absolutely necessary in order to achieve their stated goal. All data collected must also be accurate and relevant to the stated collection goal. Data cannot be collected for the sole reason that it may be useful at some later date.
Principle #4: Accuracy
This principle is widely interpreted as being necessary to stop entities from collecting any old data they can get their hands on. Instead, the data must be accurate and relevant and the data subject must have the ability to have inaccurate data corrected.
Principle #5: Storage limitation
Data cannot be kept for longer than the collector has a legitimate need for it. If, for instance, the original need to collect the data is no longer relevant any data collected for that reason must be destroyed.
Principle #6: Integrity and confidentiality
In short, this principle stipulates that collected data can only be managed or otherwise accessed by those who have a legitimate reason to access it and are fully authorised to do so.
To Learn more, Contact Data Privacy Services
The need to handle personal data in a responsible manner that complies with GDPR regulations is non-negotiable. If you would like to learn more or arrange a consultation with our data privacy experts get in touch with Data Privacy Services today by calling 084 5835 7094.