The 7 and 6 Principles of the GDPR

The 7 and 6 Principles of the GDPR

December 19, 2018

The General Data Protection Regulation was been discussed here before, but keep in mind that Chapter II of the GDPR  specifies 6 key principles for processing personal data and 7 general principles overall.


1. ARTICLE 5 - Processing of Personal Data 

    1.   Must be lawful and transparent.

    2.   The processing must be limited to a specified purpose.

    3.   Only the minimum data needed should be processed

    4.    Inaccurate data must be immediately erased or corrected.

    5.   Personal data must be stored in a manner permitting personal identification for no longer than is necessary.

    6.   Data Security must be maintained. 




2. ARTICLE 6 - Lawfulness of Processing

     Data can only be processed if there is consent; a contractual obligation; a legal obligation; a need to protect  a vital interest of a person; a public interest; or legitimate interests of a third party that don't override the rights of the data subject. 


3. ARTICLE 7 - Conditions for Consent

    Specific consent must be given for specific matters and consent can be withdrawn at any time. 


4. ARTICLE 8 - Child's Consent 

     Parental consent is needed for the use of data pertaining to children younger than 16 years old.   


5. ARTICLE 9  - Special Categories of Personal Data

     Data cannot be processed to show a person's racial or ethnic origin, political opinions, sexual orientation, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data to identify a person is prohibited without consent or for another legitimate purpose. 


6. ARTICLE 10 - Criminal Convictions

     Only official authorities can keep a comprehensive register of criminal activity. 


7. ARTICLE 11 - Processing That Does Not Require Identification

    If the purpose for which data is processed does not require identification of a data subject, the controller does not have to process additional information to identify the data subject for the purpose of complying with the GDPR.    


This is a silly anagram, but think: LID CCCC




Please reload

Contact Me With Your Litigation Support Questions:

  • Twitter Long Shadow

© 2015 by Sean O'Shea . Proudly created with