GDPR principles and organizations’ obligations
Data processing principle Obligations of organizations
Data minimization Organizations should only collect and process data that are absolutely necessary to achieve the stated purpose.
Clear intent and linkage to purpose Organizations must clearly state the purpose of data collection and processing and ensure that the data collected are adequate, relevant and limited to what is necessary to achieve that purpose.
Data accuracy Organizations must keep data up to date and take appropriate steps to delete or rectify inaccurate or incomplete data.
Limitation of storage Organizations must keep data only for the period necessary to achieve the stated purpose and take appropriate steps to destroy or anonymize the data at the end of that period.
Data integrity and confidentiality Organizations must take appropriate measures to protect data from destruction, alteration, unauthorized disclosure or access.
Transparency Organizations must inform the individuals whose data they collect about the purpose of data collection and processing and provide them with access to the data.
Accountability Organizations must take responsibility for compliance with all data processing principles and take appropriate measures to ensure that they are respected.

To check whether your organization complies with the principles of personal data processing, you can contact us to help you assess the current situation.