Similarly, organisations need to delete personal data when it’s no longer necessary. Individuals have the right to request that inaccurate or incomplete data be erased or rectified within 30 days.
The GDPR states that “every reasonable step must be taken” to erase or rectify data that is inaccurate or incomplete. The accuracy of personal data is integral to data protection. Second, data minimisation makes it easier to keep data accurate and up to date. Doing so has two major benefits.įirst, in the event of a data breach, the unauthorised individual will only have access to a limited amount of data. Organisations must only process the personal data that they need to achieve its processing purposes. Processing that’s done for archiving purposes in the public interest or scientific, historical or statistical purposes is given more freedom. Organisations should only collect personal data for a specific purpose, clearly state what that purpose is, and only collect data for as long as necessary to complete that purpose. To remain transparent with data subjects, you should state in your privacy policy the type of data you collect and the reason you’re collecting it. To remain lawful, you need to have a thorough understanding of the GDPR and its rules for data collection. The first principle is relatively self-evident: organisations need to ensure their data collection practices don’t break the law and that they aren’t hiding anything from data subjects. We take a look at each principle in this blog, and provide advice on how they should fit within your GDPR compliance practices. Indeed, small organisations, which often lack the resources to appoint data protection experts to guide them through compliance, may find them particularly useful.
#Basic data protection principles how to#
These are an essential resource for those trying to understand how to achieve compliance. The GDPR (General Data Protection Regulation) outlines six data protection principles that summarise its many requirements.
0 kommentar(er)
