There are six key principles that give an overview of the responsibilities organisations have under GDPR. These are:

Lawfulness, fairness and transparency – letting data subjects know how their data will be processed and ensuring that this is done in line with the regulation.

Purpose limitation – ensuring that data is collected for a specific and legitimate purpose.

Data minimisation – all data collected should be adequate, relevant and limited to what is necessary for the purpose for which it is being used.

Accuracy – data must be accurate and kept up to date and properly safeguarded from identity theft.

Storage limitations – data must not be stored for longer than necessary.

Integrity and confidentiality – data processors must handle personal data in a way that ensures the appropriate security and protection against unlawful processing or accidental loss, destruction or damage.

Accountability – on top of these, and unlike under the Data Protection Act 1998, GDPR states that the data controller and the data processor are each accountable for their own controls with regard to each of the above.

Although GDPR sets out general compliance requirements, how you achieve compliance is open to interpretation, so you need to know what your responsibilities are and what must be done to adhere to the regulation. The good news is that no matter which stage you’re at in your compliance journey, we’re here to share our knowledge and help you along the way.
