There are seven data protection principles under the GDPR, which set out what you must do to comply with the law.
- Collection or use of data must be for a valid and lawful reason that is considered fair by the data subject, who has been told explicitly what you are doing with their information.
- These uses will be limited to a single “purpose”.
- The data used will be the minimum required to achieve this purpose.
- You’ll ensure that the processing maintains the accuracy of the information and that mechanisms exist for keeping it up to date.
- The information will only be retained for as long as it is required for the original purpose.
- You’ll take every reasonable step to keep the information secure and confidential from both internal and external threats.
- You’ll have documentation to prove that all your processing meets the above requirements.
These principles, combined with the evidence of how you honour data subject rights, together form the foundation upon which data protection is built.