GDPR 2 – What constitutes personal data and what are the six principles of personal data processing?
What constitutes personal data and what are the six principles of personal data processing?
What is personal data under GDPR?
Article 4 (1) of GDPR sets out that personal data means:
‘any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person’
This could include a wide variety of pieces of information – including but not limited to things like phone numbers or email addresses right through to job titles and financial details.
6 Principles
Article 5(1) of GDPR sets out 6 principles relating to processing of personal data.
- Lawfulness, fairness and transparency. Personal data should be processed according to these principles.
- Purpose Limitation. Personal data should be collected for specific legitimate purposes. If further processing is carried out for archiving, public interest, scientific or historical research or statistical purposes – this will be considered within the initial legitimate purposes.
- Data Minimisation. Personal data should be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Accuracy. Personal data should be accurate and up to date. Organisations must make reasonable steps to ensure the data they have is correct.
- Storage Limitation. Personal data should be kept in an identifiable form only or as long as is necessary for the purposes for which it was collected.
- Integrity and Confidentiality. Personal data should be given the appropriate level of security – including protection from unauthorised or unlawful processing and against accidental loss, damage or destruction. Technical measures and organisational measures should be used as necessary.
Share this
News
Please call us on: 0115 8371 430