The 7 Pillars of GDPR Compliance
8 June 2018
If you have read our previous article on whether you need to comply with GDPR and have concluded that it applies to you, the next step is to understand the seven principles (we call them the pillars of the GDPR) as summarized by the UK Information Commissioner's Office (ICO).
The GDPR is built on seven key principles. They are set out at the start of the legislation (Article 5) and inform everything that follows. They are not hard-and-fast rules to be applied mechanically; rather, they "embody the spirit" of the GDPR. The summary below follows the ICO's description of these principles and is not legal advice.
Lawfulness, fairness, and transparency:
You must identify a valid lawful basis before collecting or using personal data, and you must not do anything with the data that is in breach of any other law. Personal data must be handled in a way that is not unduly detrimental, unexpected or misleading to the individuals concerned.
You must be clear, open and honest with people from the start about who you are and what you will use their personal data for.
Purpose limitation:
Personal data may only be collected for specified, explicit and legitimate purposes, and you must not use it for a new purpose that is incompatible with the original one. Record those purposes and review them periodically; any data you hold that no longer serves a documented purpose should be removed.
Data minimization:
Identify the minimum amount of personal data needed to carry out each purpose; that minimum is the most your business should hold at any time. Data that is not adequate, relevant and limited to what is necessary for the purpose should not be collected, and if it is already held it should be removed.
Accuracy:
It is your obligation to take all reasonable steps to ensure that the personal data you hold is not incorrect or misleading. If you discover that personal data is incorrect or misleading, you must take reasonable steps to correct or erase it as soon as possible.
Storage limitation:
You must not keep personal data for longer than you need it. As a business you will need to justify how long you store personal data, ideally in a documented retention policy, and you should periodically review what you hold and erase or anonymize data once you no longer need it.
Integrity and confidentiality (security):
You must put appropriate technical and organizational measures in place to protect the personal data you hold against unauthorized or unlawful processing and against accidental loss, destruction or damage. Doing this effectively requires a risk analysis of the data you process, organizational policies, and physical and technical controls proportionate to that risk.
Accountability:
The accountability principle requires you to take responsibility for what you do with personal data and for how you comply with the other principles. You must have appropriate measures and records in place so that you can demonstrate your compliance if asked.