How Many Data Protection Principles Are There?


How many data protection principles are there? The GDPR sets out seven principles for the lawful processing of personal data. Processing includes the collection, organization, structuring, storage, alteration, consultation, use, communication, combination, restriction, erasure, or destruction of personal data. Read on for a summary of each principle.

How Many Data Protection Principles Are There?

The GDPR (General Data Protection Regulation) outlines data protection principles that summarize its many requirements. These principles are based on the previous EU data protection rules, but they have been updated to address a modern digital world.

Lawfulness, Fairness, and Transparency

The first principle is relatively self-evident: organizations need to ensure their data collection practices don’t break the law and that they aren’t hiding anything from data subjects.

Personal data should be processed lawfully, fairly, and transparently. Everyone involved in the processing of personal data should be informed about the purpose of the processing and what the data is for.

Purpose Limitation

Personal data should be limited to what is necessary for achieving the purpose for which it was collected.

The collected data should be deleted after achieving the purpose. Also, the data subject should have a right to access his/her data.

Data Minimisation

The collected data should be kept in a format that allows identification of the data subjects for no longer than is necessary for processing.

Accuracy

Personal data should be correct and, where necessary, kept up to date.

Storage Limitation

Personal data should be kept in a form that permits the identification of data subjects for no longer than is necessary for achieving the purpose for which it was collected or as required by law.

Integrity and Confidentiality

Personal data should be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage, using appropriate technical or organizational measures.

Accountability

An accountable person (e.g. controller or processor) must be responsible for all personal data within their scope of responsibility. Data controllers are to maintain records of processing activities under their responsibility.

Advantages

The main advantage of GDPR is that it is simpler than the previous data protection directive. It’s also clearer and more consistent and it applies to all organizations processing data of EU citizens, no matter where they are in the world.

For the first time, it also covers the processing of personal data by public authorities and bodies.

Disadvantages

Another disadvantage is that non-compliance with GDPR can result in a maximum fine of €20 million or four percent of global annual turnover (whichever is higher).

The four principles were introduced by the EU in 1981 and were further amended in 1991, 1995, and 2002. Only minor amendments have been made since, for example, to take account of the rise of social media.

Although the Data Protection Directive has been replaced, it is still referred to in many articles of the GDPR as a source of definitions.

Conclusion

The GDPR aims to harmonize data protection laws across the EU, adapting them to the challenges of the 21st century. 

This includes a new right for citizens to request their data be erased, as well as a requirement for organizations to report data breaches within 72 hours.
