GDPR, data, protection, security, cyber security, customer data, flaw

GDPR – The six privacy principles

With GDPR, there are six principles which give companies a broad, top level overview of which areas are covered by the new regulation. These principles are:

Lawfulness, fairness and transparency

Transparent: The subject must be told what data processing will be done.
Fair: What is processed must match how it has been described
Lawful: Processing of the data must meet the tests described in GDPR [article 5, clause 1(a)].

Purpose limitations

Personal data can only be obtained for “specified, explicit and legitimate purposes” [article 5, clause 1(b)]. This means that data can only be used for a specific processing purpose that the subject has been made aware of and no other, without obtaining further consent from the subject.

Data minimisation

Data collected on a subject should be “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed”. [Article 5, clause 1(c)]. This means that no more than the minimum amount of data should be kept for specific processing.


Data must be “accurate and where necessary kept up to date” [article 5, clause 1(d)]. Baselining (comparing current computer network performance to a historical metric) can help to ensure good protection, and protection against identity theft. Data holders should also build rectification processes into data management and archiving activities for subject data.

Storage limitations

The Regulator will expect all personal data to be “kept in a form which permits identification of data subjects for no longer than necessary”. [Article 5, clause 1(e)]. This means that businesses / organisations will need to stay on top of the job of removing any data that is no longer required.

Integrity and confidentiality

Processors of data will need to handle that data “in a manner [ensuring] appropriate security of the personal data including protection against unlawful processing or accidental loss, destruction or damage”. [Article 5, clause 1(f)].

"It took some time, but they've done it. These guys are fantastic!"

Industrial supplier, London
IT reoport, Essex, London, southend

DPIA – Data Protection Impact Assessments

Data Protection Impact Assessments are a mandatory way of identifying, assessing and mitigating or minimising privacy risks.

Read more
gdpr, privacy, data protection, Essex, London, southend

GDPR – The six privacy principles

There are six principles which give companies a broad, top level overview of which areas are covered by the new regulation.

Read more
cyber security, personal, data, protection, Essex, London, southend

GDPR – Data subjects’ rights

GDPR lists a range of customers’ or data subjects’ rights that must be adhered to. If you hold data on anyone, they have a right to know.

Read more
customer, consent, Essex, London, southend

GDPR – Consent

Under GDPR your company must be able to prove clear and affirmative consent to process personal data.

Read more
fine, Essex, London, southend

GDPR – Liabilities to your business

Liability and responsibility will extend to all organisations that touch the personal data of the subject / subjects.

Read more
gdpr consultant, Essex, London, southend, training

GDPR and your business

Companies need to take a fresh look at how they deal with personal data in all aspects of operations, and 3rd party business relationships.

Read more
Brexit, Essex, London, southend

Post Brexit – Data Protection Bill

This new UK Data Protection Bill will replace the Data Protection Act 1998, and will essentially transfer the EU’s GDPR into UK law post Brexit.

Read more
GDPR, compliancy, compliant, consultancy

GDPR compliancy service

Find out how Globalnet can help small businesses protect personal data and meet GDPR requirements.

Read more


Globalnet aims to be an integral part of your success, providing the best business advice, superior IT support and technology to help you reach your goals.

0203 005 9650