What Are the 7 GDPR Requirements?

The General Data Protection Regulation (GDPR) establishes seven core principles that organisations must adhere to when processing personal data. The principles can be found in Article 5 of GDPR.

The GDPR principles are that personal data must be processed lawfully, fairly, and transparently; collected for specific, legitimate purposes; minimised to what is necessary; accurate and up to date; stored only as long as necessary; secured against unauthorised access; and managed with accountability and evidence of compliance.

At the heart of these principles is the requirement for lawfulness, fairness, and transparency. This means that data must be handled in a legal, fair manner, and organisations must be transparent about how they collect and use personal information.

Another crucial principle is purpose limitation, which says that data should only be gathered for specific, legitimate purposes and should not be repurposed for unrelated uses. Alongside this, the principle of data minimisation requires that only the data necessary for the intended purpose be collected and processed, avoiding excessive data collection.

Accuracy is also fundamental under the GDPR. The principle of accuracy requires that personal data be accurate and kept up to date, with provisions in place to correct or delete data that is inaccurate. Similarly, the principle of storage limitation ensures that data is not retained in a form that allows individuals to be identified for longer than necessary.

The GDPR also emphasises integrity and confidentiality, requiring organisations to implement appropriate security measures to protect data from unauthorised access, loss, or damage. Finally, the principle of accountability requires organisations to demonstrate their compliance with these principles and take responsibility for their data processing activities.

These principles form the backbone of GDPR and guide organisations in maintaining respect for individuals' rights and ensuring robust data protection throughout their operations.
