GDPR Compliance – Data Collection Rules

GDPR – General data Protection Regulation comes into force on 25 May 2018, under which there are lots of principles which must comply by business and organizations as per article 5 of GDPR. Let’s see in more details.

The Principle of Lawfulness

The principle of lawfulness refers to, the fact that all companies that process the personal data of people in EU must have a legal reason for doing so.  GDPR details what the legal grounds are, and what the elements of lawfulness are.

The Principle of Fairness

The principle of fairness means that there needs to be a fair balance when it comes to what personal data is processed, how it is processed and what the companies has promised with regards to processing.

The Principle of Transparency

The transparency principle means that companies must have to be completely clear and open about how and why they process personal data.

The Principle of Purpose Limitation

This principle means that the personal data should only be processed for specified reasons and that it should not be processed in a way that is not compatible with these original reasons.

The Principle of Data Minimisation

To comply with this principle of GDPR, companies must only process the personal data that is required. Companies have to stick within the requirements of the purpose when deciding whether or not items of personal data are required.

The Accuracy Principle

As principles name stated clearly, under this principle companies make sure that any personal data which is processed is accurate. Also, data must be kept up to date and erased or amended where necessary.

The Principle of Storage Limitation

This principle means companies must only store personal data when it is necessary to do so and once the purpose for storing personal data has expired, the data should be deleted, unless there is another legally valid reason for storing it.

The Principle of Integrity and Confidentiality

Under this GDPR principle personal data needs to be processed in such a way that the privacy and rights of individuals are protected and that measures need to be in place to ensure that this happens.

The Principle of Accountability

This GDPR principle deals with accountability. This covers all of the other principles and how controllers and processors are accountable for ensuring that they are adhered to.

It is necessary that companies stick to these principles as non-compliance with GDPR can lead to the imposition of fines and other sanctions.