With GDPR, there are six principles which give companies a broad, top-level overview of the areas covered by the new regulation. These principles are:
Transparent: The subject must be told what data processing will be done.
Fair: What is processed must match how it has been described.
Lawful: Processing of the data must meet the tests described in GDPR [article 5, clause 1(a)].
Personal data can only be obtained for “specified, explicit and legitimate purposes” [article 5, clause 1(b)]. This means that data can only be used for a specific processing purpose that the subject has been made aware of and no other, without obtaining further consent from the subject.
Data collected on a subject should be “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed” [article 5, clause 1(c)]. This means that no more than the minimum amount of data should be kept for specific processing.
Data must be “accurate and where necessary kept up to date” [article 5, clause 1(d)]. Baselining (comparing current computer network performance to a historical metric) can help to ensure good protection, and protection against identity theft. Data holders should also build rectification processes into data management and archiving activities for subject data.
The Regulator will expect all personal data to be “kept in a form which permits identification of data subjects for no longer than necessary” [article 5, clause 1(e)]. This means that businesses and organisations will need to stay on top of the job of removing any data that is no longer required.
Processors of data will need to handle that data “in a manner [ensuring] appropriate security of the personal data including protection against unlawful processing or accidental loss, destruction or damage” [article 5, clause 1(f)].