Data protection principles

If you process data, you can stay lawful by adhering to these principles

Data protection

Pretty much every single business in Europe will have been affected in some way by the introduction of the General Data Protection Regulations (GDPR) back on 25 May. In fact, a lot of businesses were forced to quickly change their data protection policies last minute as the deadline loomed (or just afterwards when the realisation the law was going to change hit).

And that's because the introduction of the GDPR marked the biggest shift in data protection for decades, making sure the data subject (ie., the individual) is protected from unwanted data use such as spam, and of course, prevent their data falling into the wrong hands. It put the subject at the centre of everything, giving them a say into how their data is used and stored.

The GDPR rules apply to all businesses both based in and operating any kind of trade in the EU, so even though the UK is supposedly leaving the EU at some point, the laws will still apply to the majority of businesses. Added to that, even if you don't conduct business with other EU-based companies, the UK's own data laws have changed to be in line with the Europe-wide regulations.

The move doesn't just apply to the protection of customer data - it applies to all of the personal data a company may have access to, such as customer data, employee information, partner records and more.

The Information Commissioner's Office (ICO) is the UK's national data regulator, tasked with enforcing GDPR in the UK, as well as the Data Protection Act 2018, which offers UK-specific provisions outside of GDPR.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

This authority, which has been operating up till now under the terms of the Data Protection Act 1998, has outlined in clear terms a set of principles that lie at the heart of how a company should structure their data policies to ensure maximum compliance with modern standards for data protection.

Lawfulness, fairness and transparency

The first principle is quite possibly the most important. All personal data needs to be processed fairly and lawfully, and in a way that's completely transparent. An organisation has a responsibility to inform every individual that they collect data on exactly how that data will be used and who it will be passed on to. The collection, the processing and the disclosure of data must all be done in accordance with the law.

Purpose limitation

Data collection must be for a stated reason that is lawful and transparent, it must not be processed in a way that's at odds with that original purpose.

Data minimisation

Organisations in charge of collecting data are obligated to make sure the information is adequate, relevant and not excessive in relation to the original reason it was gathered. The subject of the data also has the right to access any data held about them, in whatever format that data is stored, whether it be handwritten notes, emails or formal documents.

Accuracy

Organisations are obligated to ensure personal data held is accurate and up to date. This means that an organisation should review information held about individuals at regular intervals and amend out of date or inaccurate information. Individuals have the right to have inaccurate data about them erased or destroyed. 

Storage Limitation

When data on an individual has served its purpose, it must be deleted or destroyed, unless there are other grounds for retaining it. Organisations should have a review process in place to clean up databases. 

Integrity and confidentiality

The data an organisation has must be kept secure. The data controller has a responsibility to take reasonable steps to ensure the reliability of any employees who have access to personal data. If a third party is used to process data, an organisation must ensure that a contract in place with that data processor which provides for appropriate security measures. 

Other principles

The need to process data in accordance with an individual's rights and the transfer of data to countries abroad were two principles under the previous act but were afforded their own separate chapters under GDPR detailing extensively how these applied under the law.

The principle of 'accountability' also applies under the EU's new set of regulations, with data controllers expected to take greater responsibility for what is done with personal data, and how to comply with the other principles. Under this principle, the appropriate measures, and records must be in place to demonstrate compliance when expected.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/data-insights/data-management/354423/eu-us-data-transfer-tools-used-by-facebook-ruled-legal
data management

EU-US data transfer tools used by Facebook ruled legal

19 Dec 2019
Visit/backup/33385/arcserve-udp-9240dr-review-beef-up-your-backups
backup

Arcserve UDP 9240DR review: Beef up your backups

4 Apr 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/security/data-breaches/354611/misconfigured-security-command-exposes-250-million-microsoft-customer
data breaches

Misconfigured security command exposes 250 million Microsoft customer records

23 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/hardware/354584/windows-10-and-the-tools-for-agile-working
Sponsored

Windows 10 and the tools for agile working

20 Jan 2020