GDPR, which stands for General Data
Protection Regulation, is a European Union for data protection and privacy law.
The purpose of the GDPR regulations is to enhance individual’s control and
rights over their personal data and streamline the regulatory landscape for
international commerce.
Principles of the GDPR
There are seven fundamental principles of the GDPR. These principles specify the compliance standards for businesses that collect, process, and retain personal data. These principles encapsulate the concept of an effective and efficient data protection system.
- Lawfulness, fairness, and transparency:
The first principle states
that personal data processing must be done lawfully, fairly, and transparently
to the data subject.
○ Lawfulness: It means that when you are collecting data and processing it, it must be done on a valid legal basis.
○ Fairness: It means that you would not abuse or improperly handle the data you collect.
○Transparency: It means being transparent or honest with data subjects regarding your identity, the purpose for collecting data, and the intended use of that data.
- Purpose limitation:
This principle states that while processing personal data for a purpose you have planned, it must be specified, explicit, and legitimate, per GDPR legislation. It means you are not permitted to use the data for any other purpose after processing it.
- Data minimization:
This principle states that you should collect and process only the minimum personal data required to achieve your purpose. The GDPR states that the personal data you collect for processing must be sufficient, relevant, and limiting.
- Accuracy:
This principle states that the data you collect or store must be accurate and, if needed, updated regularly. You, as the data controller or processor, should take the appropriate step to ensure that inaccurate personal data is immediately erased or corrected without delay.
- Storage Limitation:
This principle states that the data you have collected always has an expiration date, after which you have no right to store it. To comply with this storage limitation policy, you would need to specify the retention period for personal data.
- Integrity and confidentiality (Security):
This principle states that you should maintain the security of the personal data you collect. You should implement the proper technical or organizational security measures to protect your data from internal threats like unauthorized use, unintentional loss or damage, and external threats like phishing or extortion.
- Accountability:
The final principle of GDPR states that you must be accountable for your data and demonstrate compliance with all preceding regulations. You must record each step you take and justify it with the appropriate documentation to maintain the level of accountability.
You can also refer to How to Prepare for the GDPR Certification Exam.
GDPR certification with InfosecTrain
Join InfosecTrain's GDPR certification training course, and you will be able to understand the fundamental principles of personal data protection with our skilled trainers.