The GDPR has 7 Data Protection Principles which all organisations should become familiar with.
Under GDPR, the seven primary information and data protection principles are:
Our Erudite GDPR Solution provides a self-service page for Subject Access Requests or a Help Desk-based portal for your staff to take requests and record them.
Purpose is about explaining what data you need and why it's necessary to collect it. It is not acceptable to harvest or collect more data than you need.
Our Erudite GDPR Solution enables you to document purpose, legal basis, data retention and more.
Personal Data must be processed lawfully, fairly and transparently. This is done by identifying the legal basis for GDPR, documenting it and communicating it to data subjects.
Remember these facts:
* Fair use of data means you must not process the data in a way that is unduly detrimental, unexpected or misleading. You must have told the individual exactly what you plan to do with that data.
Our Erudite GDPR Solution enables Data Subjects to raise their own Right of Access Request on our portal, or the requests can be stored via our portal by your team.
Personal data must be adequate, relevant and limited to what is necessary for the purposes for which it is processed. It must be just enough to do the job you need to do but not more.
You must ensure the personal data you are processing is:
As a principle, personal data must be accurate and kept up to date if relevant. While GDPR does not define accurate, the Data Protection Act 2018 says that ‘inaccurate’ means incorrect or misleading.
The right to erasure applies if:
The GDPR principle includes a proactive obligation to take reasonable steps to delete or correct inaccurate personal data. The GDPR does not explicitly distinguish between personal data that you create and personal data that someone else provides.
The core of this principle is: you must not keep personal data for longer than you need it!
You must be able to justify the data retention period you apply to personal data – the best place to do this is your policy which defines data retention periods. It's advisable to review the data you hold periodically, such as annually, and erase or anonymise it.
Our Erudite GDPR Solution enables you to record your retention periods, justify them and receive reminders to review them.
Known as the Security principle, integrity and confidentiality cover how you protect personal data. Personal Data shall be processed in a manner that ensures appropriate security of the personal data. This includes protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
When a fraudster has personal data, it makes them more convincing when they impersonate an individual or trick an individual into believing they are someone they’re not, such as your bank manager. If personal data is lost, an individual could be subject to:
The accountability principle requires you to take responsibility for what you do with personal data and how you comply with the other principles.
You must have appropriate measures and records in place to be able to demonstrate your compliance. Use audits to help you achieve this.
Some measures that you can, and in some cases must, take include:
Putting in place a solution that helps you be compliant and manage the day-to-day tasks of complying with GDPR helps demonstrate your commitment. Read more about our GDPR Solution.
Our Free Trial gives full access to the functionality for a time-limited period so you can fully explore our GDPR Solution called Erudite. Our no-obligation Free Trial will let you see how our GDPR solution can add value to your business and make compliance with GDPR simpler and less daunting.