08 Jun
The 7 Pillars of GDPR Compliance
If you have read our previous article about whether you need to comply with GDPR and have concluded that GDPR is mandatory for you, these are the 7 principles (we call them the pillars of the GDPR) as outlined by the ICO.
The GDPR is built on 7 key principles. They are set out at the beginning of the legislation and inform everything that follows. They do not lay down hard rules that can be dictated, but rather "embody the spirit" of the GDPR. These pillars, or principles, are outlined by the independent commission and are not meant to act as legal guidance.
Lawfulness, fairness, and transparency:
Organizations must identify valid grounds for the collection and use of personal data. You must ensure that you do not do anything with the data that is in breach of any other law. The data must be handled in a way that is not unduly detrimental, unexpected or misleading.
You must be clear, open and honest from the start about what you will use the personal data for.
Purpose limitation and data minimization:
Businesses should identify the minimum amount of data required to meet their needs, and this is the maximum amount of data the business should hold at any time. Data can only be collected for the specified purposes, and those purposes must be periodically reviewed; any data held that no longer serves them should be removed.
Accuracy:
It is the business's obligation to take all reasonable steps to ensure that any information gathered is not incorrect or misleading. If you discover that personal data is incorrect or misleading, you must take reasonable steps to correct or erase it as soon as possible.
Storage limitation:
You must keep the data of individuals for as short a time as possible. As a business you will need to justify how long you store personal data; you should also periodically review it and anonymize data when you no longer need it.
Integrity and confidentiality (security):
Your business must ensure that appropriate measures are in place, and that they are secure enough to protect the personal data you hold. Doing this effectively will require your business to consider risk analysis, organizational policies, and physical and technical measures.
Accountability:
The accountability principle requires you to take full responsibility for what you do with personal data and how you comply with the law. You must have appropriate measures and records in place to demonstrate your compliance.