Stay Legal UK

What are the data protection principles?


The General Data Protection Regulation (GDPR), which was implemented into United Kingdom (UK) law with the Data Protection Act 2018, sets out data protection principles that data controllers must comply with. They are as follows:

  • The lawfulness, fairness, and transparency principle – Lawfulness: there are six lawful bases for the processing of data as set out by the GDPR. (Please see another Stay Legal article on this subject.) Fairness: you should handle data in a way that people would reasonably expect and not use it in a way that has an unjustified adverse effect on the individual. If you deceive or mislead the individual when you collect the data, then it is likely to be unfair. Transparency: this is fundamentally linked to fairness. You need to be clear, open, and honest with the individual as to who you are, and how and why you use their data. Fairness and transparency can be achieved with your privacy policy, which should also include the lawful basis for processing.
  • The purpose limitation principle – You must be clear about what your purpose is for the processing. Your purposes should be recorded to comply with your documentation obligation; they should also be included in a privacy policy to comply with the transparency principle.
  • The data minimisation principle – The data you process should be adequate and sufficient to fulfil your stated purpose. It should also be relevant to that purpose and limited to only what is necessary.
  • The accuracy principle – You should make sure that the data you hold is correct and not misleading. You may need to update the data you hold. If you discover that any of the data is incorrect or misleading, you should then correct or erase the data as early as possible. The accuracy principle is clearly linked to an individual's right to rectification. (Another Stay Legal article has discussed the rights of a data subject.)
  • The storage limitation principle – You should not keep data for longer than you need it. You should be able to justify the length of time you keep the data, which will depend on your purpose. You should state the retention periods in a policy and regularly review the data you hold to anonymise or erase it when it is no longer needed. Data subjects have a right to erasure as discussed in another Stay Legal article. Personal data can be kept for longer if it is for scientific/historical research, archiving, public interest, or statistical purposes.
  • The integrity and confidentiality principle – You need to make sure you have appropriate and adequate security measures to protect the data you hold. Failure to comply with this principle can result in substantial financial penalties. It is often in the news when a larger company faces a fine for a data breach.
  • The accountability principle – You must take responsibility for what you do with data and how you comply with the other principles. You must have appropriate measures and records to be able to show your compliance.

You must comply with the above principles if your business collects and processes personal data. At Lawdit Stay Legal, our packages take the stress of legal compliance away, giving you more time to focus on other vital areas of your business. They include all the documents you need, and with a free initial consultation there is no need to delay, so book today!
