Main Data Protection Principles under GDPR
- Lawfulness, Fairness, and Transparency
Data processing must be done legally, fairly, and transparently. Organizations must inform data subjects about how and why their data is being collected and processed. Consent or other lawful bases (e.g., contract, legal obligation) should be obtained, and the data subject must be aware of their rights.
- Purpose Limitation
Personal data should only be collected for specific, legitimate purposes and not further processed in ways incompatible with those purposes. Organizations must clearly define the purpose for data collection and restrict usage to that purpose.
- Data Minimization
Only the minimum amount of personal data necessary to fulfill the intended purpose should be collected. This principle ensures that organizations do not collect or retain more data than is required.
- Accuracy
Personal data should be accurate and kept up to date. Inaccurate data should be corrected or erased without delay to ensure data quality and integrity.
- Storage Limitation
Personal data should not be kept longer than necessary for the purpose for which it was collected. Organizations should define retention periods and delete or anonymize data once it is no longer needed.
- Integrity and Confidentiality (Security)
Data must be processed in a way that ensures its security, including protection against unauthorized access, loss, or damage. This involves implementing appropriate technical and organizational measures, such as encryption, access controls, and regular security audits.
- Accountability
The data controller is responsible for demonstrating compliance with the GDPR principles. Organizations must maintain records of processing activities and, where appropriate, conduct privacy impact assessments (PIAs) and ensure staff training on data protection matters.
- Data Subject Rights
Data subjects have several rights under GDPR, including the right to access, rectification, erasure (right to be forgotten), data portability, restriction of processing, and objection to processing. Organizations must facilitate these rights and respond to requests within a specified time frame.