Principles of GDPR
There are seven key Principles to GDPR. Following these principles will ensure that you have effective data protection policies in place.
Essentially, the principles are focussed on the rights of the individual, forcing organisations to think more carefully about the way that they work with data.
Cambridge Risk Solutions have a deep understanding of data protection, and experience in ensuring that clients have embedded effective and practical solutions, so that managing personal data becomes part of the organisational culture and meets all regulatory requirements.
The seven key principles:
- Lawfulness, fairness and transparency
- Purpose Limitation
- Data Minimisation
- Accuracy
- Storage Limitation
- Integrity and confidentiality (security)
- Accountability
In other words, organisations can only process data in a way that is in accordance with the law, and in a way that is fair and transparent. Thus you must tell people that you are processing their data, how, and for how long!
Data can only be collected for specific and legitimate services. Thus, you cannot collect data for one purpose, and then use it for another.
Data must be adequate and limited to only what is needed. So, when I called and asked for a phone number for a dental surgery, being told that they needed my date of birth for ‘data protection purposes’ was completely against the regulations.
Accuracy is important, particularly in relation to sensitive personal data. You must ensure that you can keep personal data updated.
It is important to implement systems and technologies to ensure that you only keep the data as long as necessary, and then delete it as required. Do you really need that conference delegate list after 10 years?
The data must be processed in a secure way, following the standard information security guidelines of ‘Confidentiality, Availability and Integrity’.
Finally, for data controllers, you must be able to demonstrate accountability.
There is much to do to ensure effective data protection is in place; for assistance with your processes, contact Cambridge Risk Solutions today.
We are happy to answer any questions about Business Continuity, Crisis Management, Information Security, Data Protection and Product Recalls.
How Can Cambridge Risk Solutions Help?
Cambridge Risk Solutions provides a range of services to assist with the implementation of effective Data Protection policies and procedures, and has an experienced Certified Data Protection Officer who can assist with your data protection compliance.