GDPR principles and organizations’ obligations
Data processing principle | Obligations of organizations |
---|---|
Data minimization | Organizations should only collect and process data that are absolutely necessary to achieve the stated purpose. |
Clear intent and linkage to purpose | Organizations must clearly state the purpose of data collection and processing and ensure that the data collected are adequate, relevant and limited to what is necessary to achieve that purpose. |
Data accuracy | Organizations must keep data up to date and take appropriate steps to delete or rectify inaccurate or incomplete data. |
Limitation of storage | Organizations must keep data only for the period necessary to achieve the stated purpose and take appropriate steps to destroy or anonymize the data at the end of that period. |
Data integrity and confidentiality | Organizations must take appropriate measures to protect data from destruction, alteration, unauthorized disclosure or access. |
Transparency | Organizations must inform the individuals whose data they collect about the purpose of data collection and processing and provide them with access to the data. |
Accountability | Organizations must take responsibility for compliance with all data processing principles and take appropriate measures to ensure that they are respected. |
To check whether your organization complies with the principles of personal data processing, you can contact us to help you assess the current situation.