7 Principles of Personal Data Processing
Principles of personal data processing underpin the new General Data Protection Regulation (GDPR). These principles set out obligations for businesses and organisations that collect, process and store individuals’ personal data.
The GDPR outlines 7 principles of personal data processing that you must comply with when processing personal data. These principles relate to:
- Lawfulness, fairness and transparency – Personal data must be processed lawfully, fairly, and transparently in relation to the data subject.
- Purpose limitation – You may only collect personal information for specific, explicit, and lawful purposes. You must clearly state this purpose, and only collect data for as long as is required to fulfil it.
- Data minimization – You must ensure that the personal data you process is adequate, relevant, and limited to what is necessary for the purpose for which it is being processed.
- Accuracy – You must take all reasonable measures to update or remove inaccurate or incomplete data. Individuals have the right to request that you delete or correct inaccurate information about them, and you must comply within one month.
- Storage limitation – You must delete personal information when it is no longer required. In most instances, timeframes are not set. They will depend on the circumstances of your business and the reasons for collecting this information.
- Integrity and confidentiality – You must safeguard and protect personal data against unauthorised or illegal processing, as well as accidental loss, destruction, or damage, using appropriate technical or organisational measures.
- Accountability – You are responsible for adhering to the GDPR’s principles. The new law mandates that all policies governing the collection and processing of data be meticulously documented.
Why are the principles of personal data processing important?
The GDPR is founded on these principles. They are outlined at the very beginning of the legislation and are the basis for all that follows. There are very few exceptions because they don’t provide strict guidelines but rather represent the spirit of the overall data protection regime.
Therefore, adherence to the spirit of these core principles is a vital tenet of sound data protection practice. Additionally, it is essential to your ability to adhere to the GDPR’s specific rules.
You run the risk of receiving hefty fines if you don’t follow the rules. According to Article 83, the greatest level of administrative sanctions is applied to violations of the fundamental principles for the handling of personal data.
What is the basis of the principles of personal data processing?
1. In relation to any personal data processing activity, before the processing starts for the first time:
Review the purposes of the particular processing activity and choose the most appropriate legal basis for that processing, such as:
- that the data subject has agreed to the processing;
- that the processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject before entering into a contract;
- that the processing is necessary for the protection of the vital interests of the data subject or of another natural person;
- that the processing is needed to carry out a task in the public interest or to carry out an official duty;
- where you are not carrying out tasks as a public authority, that the processing is necessary for the legitimate interests of the data subject or a third party, unless the interests of the data subject’s fundamental rights and freedoms are more important.
- Make sure that the processing is necessary for the purpose of the relevant legal basis, unless the processing is based on consent.
- Write down how you decided which legal basis applies, so you can show that you are following the data protection principles.
- In privacy notices to data subjects, state both what the processing is for and why it is legal.
Singapore’s commitment to data protection is part of a larger effort to stay on the cutting edge of digital policies while remaining as business-friendly as possible. The law incentivises entrepreneurs to take customer data seriously by appointing data officers, respecting the right of customers not to be marketed to, and storing personal data with care.