The 7 and 6 Principles of the GDPR


The General Data Protection Regulation has been discussed here before, but keep in mind that Chapter II of the GDPR specifies 6 key principles for processing personal data and 7 general principles overall.

1. ARTICLE 5 - Processing of Personal Data

1. Must be lawful and transparent.

2. The processing must be limited to a specified purpose.

3. Only the minimum data needed should be processed.

4. Inaccurate data must be immediately erased or corrected.

5. Personal data must be stored in a manner permitting personal identification for no longer than is necessary.

6. Data Security must be maintained.

THINK: MC PSST - MINIMIZE; CORRECT; PURPOSE; STORE; SECURITY; TRANSPARENT

2. ARTICLE 6 - Lawfulness of Processing

Data can only be processed if there is consent; a contractual obligation; a legal obligation; a need to protect a vital interest of a person; a public interest; or legitimate interests of a third party that don't override the rights of the data subject.

3. ARTICLE 7 - Conditions for Consent

Specific consent must be given for specific matters and consent can be withdrawn at any time.

4. ARTICLE 8 - Child's Consent

Parental consent is needed for the use of data pertaining to children younger than 16 years old.

5. ARTICLE 9 - Special Categories of Personal Data

Data cannot be processed to show a person's racial or ethnic origin, political opinions, sexual orientation, religious or philosophical beliefs, or trade union membership, and the processing of genetic data or biometric data to identify a person is prohibited without consent or another legitimate purpose.

6. ARTICLE 10 - Criminal Convictions

Only official authorities can keep a comprehensive register of criminal activity.

7. ARTICLE 11 - Processing That Does Not Require Identification

If the purpose for which data is processed does not require identification of a data subject, the controller does not have to process additional information to identify the data subject for the purpose of complying with the GDPR.

This is a silly anagram, but think: LID CCCC

