The 7 GDPR principles. Principles relating to the processing of personal data

Introduction. What are the 7 principles of GDPR? Why are they important?
Article 5 of the GDPR explains the principles underlying the GDPR. For a correct application of the General Data Protection Regulation, you need to have a good understanding of these 7 principles. Without GDPR, there would be no foundation on which to build laws. Because people’s personal data is involved in so many things, you will have to deal with it in any service you provide, which presents you with a big challenge in terms of keeping that personal data. A good understanding of the 7 GDPR principles allows you to know your role as a data controller and what you need to do, helping you avoid breaches and GDPR sanctions. The text of the Regulation is so long and written in legal language that you may need someone to explain it to you. However, most of the laws in the GDPR boil down to these 7 principles, which means that if you understand them, you can get a general idea of the topic.
1. Principle of lawfulness. Lawfulness, fairness and transparency
The three components of this GDPR principle (lawfulness, fairness and transparency) are closely linked.
What does “lawfulness” mean in GDPR?
According to the principle of “lawfulness” there must be a legal basis for processing the data, otherwise the processing is unlawful. There are six situations in which you are allowed to process personal data. If you don’t rely on one of these six cases when processing people’s personal data, you are in breach of the GDPR.
The six legal grounds for processing personal data are as follows:
- Consent; in this case, the data subject gives you permission to process the data.
- Contract; where there is a contract between you and the data owner that is necessary to process personal data.
- Legal obligation; in this case there is a law that obliges you to process some personal data.
- Vital interest; in this case, the processing is necessary for the life of the data subject, for example, if a hospital wants to see a patient’s medical history for urgent surgery.
- Public interest; if the processing is necessary for a task related to the public interest.
- Legitimate interest; where the processing is necessary to achieve a legitimate interest.
There is also another meaning of “lawfulness”, which means that you are not doing anything illegal by processing the data.
What is the meaning of “fairness”?
All aspects of the processing of personal data must be fair, in the sense that you must process personal data as data subjects expect and as you have agreed with them. To ensure that you treat data fairly, data processing must be tailored to the interests of data subjects.
Fairness requires that the persons concerned be informed that their personal data are processed, including how they are collected, stored and used, to enable them to make informed decisions about their data and to exercise their data protection rights. In addition, the controller shall process the data only in ways that the data subject would reasonably expect and shall not use the data in a way that could adversely affect the data subject.
What is the meaning of “transparency”?
Transparency here has a meaning close to “fairness”: being honest and clear with data owners from the outset. You need to tell the people whose data you are processing who you are, what you are offering them and what you are doing with their data. This point is especially important if the data subject intends to enter into a long-term agreement with you. To achieve transparency in your services, your privacy policy must be comprehensive and clear.
By the principle of lawfulness we mean that data are processed lawfully, fairly and transparently in relation to the data subject.
2. Purpose limitation principle
Your processing of personal data must have a specific and explicit purpose, and this purpose must be fully clear from the outset. If you apply the first principle, especially the transparency part, you will already satisfy much of the purpose limitation principle. However, under certain conditions the GDPR does not prevent you from processing personal data for purposes other than those mentioned in the Privacy Policy and agreed at the outset. You may process personal data for a new purpose that was not originally agreed upon if there is a relationship between the new purpose and the original purpose or if you have obtained the data subject’s permission for the new purpose.
If you are going to process data for purposes that are consistent with the original purpose agreed with the data subject, you do not need to find a legal basis from the 6 bases we mentioned in the first principle of the GDPR. If you are processing data for a new purpose, however, you will need to base the data processing on a new legal basis, and you need new permission from the data owner.
By the purpose limitation principle we mean that data are collected for specified, explicit and legitimate purposes and are not further processed in a way incompatible with those purposes. Further processing for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes is not considered incompatible with the original purposes.