What are the Data Protection Principles?

Understanding the principles which underpin the UK GDPR can help you to develop a better understanding of the legislation.

As the ICO says, the principles “should lie at the heart of your approach to processing personal data”.

So what are they?

 

Lawfulness, Fairness and Transparency

There must be a lawful basis to permit the use of personal data.

These bases are set out in Article 6 of the UK GDPR (plus the conditions under Article 9 where you are processing special category data and Article 10 for criminal offence data).

You should process personal data in a way which would not be unexpected, assess how the processing will affect the individuals concerned and you must explain clearly how personal data will be used (the last often done via privacy notices). 

 

Purpose Limitation

Personal data must only be used for specified, explicit, and legitimate purposes.

Before you collect personal data, you should carefully consider what you intend to use it for, record this, and ensure you share this information with individuals in your privacy information.

Any proposed change in purpose/additional purpose will require careful consideration to ensure it can be done compliantly.

Having a clearly set purpose for your processing will increase trust in your organisation and how it handles personal data. 

 

Data Minimisation

You should only collect and use personal data that you need for your purposes.

For example, a form for people to sign up to an email newsletter sent by a furniture retailer should include a field for the customer’s email address but it is unlikely, for example, that their date of birth will be needed.

Don’t collect personal data on the off chance you will need it later and review the data you hold regularly to ensure you delete anything you no longer need.

 

Accuracy

You must take reasonable steps to ensure that personal data is accurate and kept up to date (where up-to-date data is necessary for the processing).

Inaccurate data can have potentially damaging consequences, for example, if a customer informs a bank of their new address but the bank does not update this on their system, this could result in sensitive financial information being sent to the wrong address.

You must also take reasonable steps to correct inaccurate data as soon as possible.  

 

Storage Limitation

You must only keep personal data for as long as you need it for the purposes for which you collected it.

There are no specific time limits set by the UK GDPR, it depends on how long you need the personal data for your purpose.

You will also need to document how long you keep personal data.

 

Integrity and Confidentiality

You must have appropriate measures in place to keep personal data secure, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, by using appropriate technical and organisational measures.

Such measures might include, by way of example, the use of firewalls, password protection, physical security measures such as access cards to enter an office, and methods to restore access to personal data in the event this is lost.

The key is that the measures must be appropriate, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing, as well as the risks (including consideration of likelihood and severity of the same) presented by the processing.

 

Accountability

The accountability principle makes you responsible for complying with the UK GDPR and being able to show that you are complying with it.

You will need to put in place technical and organisational measures to achieve this.

There are many different measures which may be applicable (some of which are mandatory) including, for example, maintaining clear and up-to-date policies and procedures, documenting your processing activities, conducting data protection impact assessments where necessary, putting in place appropriate contractual provisions with third parties who you share data with, and recording and reporting breaches, to name but a few. 

 

Contact Us

If you are interested in improving data protection compliance in your business, please get in touch by emailing hello@hellodpo.com to contact a member of the team.

Share:

Facebook
Twitter
Pinterest
LinkedIn

Related Posts

Don't just take our word for it
"We have been working with HelloDPO for several years now and I have always found them to be friendly, approachable and above all professional in their approach. I would have no hesitation in recommending them."
Serena MayDirector, Southern HR Ltd
Serena May
"We have been working with HelloDPO for several years now and I have always found them to be friendly, approachable and above all professional in their approach. I would have no hesitation in recommending them."
Serena MayDirector, Southern HR Ltd
Serena May
“We have worked with Jenai, Alison and the HelloDPO team for over 5 years as our DPO and have found their advice and support invaluable. They are pragmatic and flexible in the advice they provide, and assist in making data protection compliance apply in a corporate environment. Working with them is like having additional members of our team, and the relationship has flourished over time."
Craig SaundersHead of International Privacy, Aetna Global Benefits (UK) Ltd
Craig Saunders
“The team (Jenai and Lisa) provided DPO services and compliance support to our business for over a year, during which they consistently delivered high quality advice and excellent client service. The demands of the hospitality industry are high and HelloDPO adapted to this quickly and seamlessly – they are responsive, knowledgeable, and pragmatic. They are also a pleasure to work with.”
Frasers Hospitality (UK) Ltd
“We have been working with HelloDPO for nearly a year. The team have been great to work with, highly professional and flexible. Most importantly, they have given clear advice and guidance in what is a very complex area. Well done and we look forward to continuing working with you!”
Ruth HidalgoDirector, Chartered Accountants Worldwide
Ruth Hidalgo
“The HelloDPO team have led us patiently through the intricacies of GDPR over the years, helping us to navigate a careful path to ensure understanding of the rules and therefore compliance with them. HelloDPO are a pleasure to work with and I’d have no hesitation in recommending them to others looking for good, commercial advice in this complex area.”
Sanjay PatelFinance Director, Cadogan Group Limited
“We have recently engaged HelloDPO and the team, led by Jenai, has been responsive, practical and generally very helpful when dealing with our data protection queries. We look forward to what’s on track to becoming a great working relationship!”
Federica CozzaniSenior Legal Counsel, Compre Group
Federica Cozzani
“If you’re looking for trustworthy, pragmatic and diligent legal advisors, say Hello(to)DPO! The team has been a great support to Skyscanner on a broad range of privacy and data protection matters, whether advising at a compliance level or on more acute legal issues. You’ll enjoy considerate, timely and helpful advice, provided by professionals with whom it’s a delight to work.”
Gemma WithamDirector of Legal (Privacy), Group Privacy Officer, Sykscanner Limited
Gemma Witham
“Jenai and Emma are amazing to deal with. They strike the right balance between understanding the business needs while doing it’s fiduciary duty to ensure we are on the right track from a legal, ethical and moral perspective. Working with HelloDPO’s guidance over the past 2 years has enabled X-Mode (now known as Outlogic) to be able to navigate complex and at times uncertain waters with GDPR in a strategic and ethical manner.”
Joshua AntonCEO, Outlogic
Joshua Anton
“A great bespoke service, delivered flexibly by absolute experts in a friendly, collaborative and accessible way. I cannot recommend more highly!"
Clare RussellInterim Head of Legal, Vue UK & Ireland
Clare Russell
“HelloDPO have been brilliant at getting our data compliance into shape. We have come such a long way in our ways of working and they are always on hand to help when we have complicated or urgent issues – they have simply become part of the team."
Josh TowbHead of Business Transformation, Jigsaw
Josh Towb
“The HelloDPO team have provided Channel 4 with a wide range of data protection advice over the years. Alison is always delightful to work with, and her advice is pragmatic and set within a commercial context, which is particularly helpful. HelloDPO runs regular DP Confessionals, which provide our team with a valuable wider industry view and a sense of issues which other organisations are struggling with, and the ways in which they are approaching them."
Rebecca MillerChannel 4
Previous
Next

Subscribe to our privacy news and legislation updates

Subscribe now

HelloDPO

We are here to make our data-driven world a more equitable and ethical place to live, work, and thrive by pragmatically balancing our clients’ commercial ambitions with every individual’s right to privacy.

Linkedin
Navigation
Legal & compliance
HelloDPO Law Logo
© 2024 HelloDPO. All rights reserved. The use of any material on the website without our prior written consent is strictly prohibited.

Website developed by Bowler Hat

Data Protection; Demystified