mitchell wilde solicitors nottingham and derby

0115 8371 430

GDPR 2 – What constitutes personal data and what are the six principles of personal data processing?

What constitutes personal data and what are the six principles of personal data processing?

What is personal data under GDPR?

Article 4 (1) of GDPR sets out that personal data means:

‘any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person’

This could include a wide variety of pieces of information – including but not limited to things like phone numbers or email addresses right through to job titles and financial details.

6 Principles

Article 5(1) of GDPR sets out 6 principles relating to processing of personal data.

  • Lawfulness, fairness and transparency. Personal data should be processed according to these principles.
  • Purpose Limitation. Personal data should be collected for specific legitimate purposes. If further processing is carried out for archiving, public interest, scientific or historical research or statistical purposes – this will be considered within the initial legitimate purposes.
  • Data Minimisation. Personal data should be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
  • Accuracy. Personal data should be accurate and up to date. Organisations must make reasonable steps to ensure the data they have is correct.
  • Storage Limitation. Personal data should be kept in an identifiable form only or as long as is necessary for the purposes for which it was collected.
  • Integrity and Confidentiality. Personal data should be given the appropriate level of security – including protection from unauthorised or unlawful processing and against accidental loss, damage or destruction. Technical measures and organisational measures should be used as necessary.

Share this

  • /

Head Office

0115 8371 430


72 Wollaton Road


Derby Office

01332 460031


Wyvern House
Railway Terrace
Derby DE1 2RU



Mitchell Wilde LLP is a Limited Liability Partnership registered in England and Wales (LLP Number OC 311296) and is authorised and regulated by the Solicitors Regulation Authority. Our SRA number is 417965. Our VAT registration number is 847246995. Our professional rules are available from the Solicitors Regulation Authority website.

If you are a client and we have made a contract with you by electronic means you may be entitled to use an EU online dispute resolution service to assist with any contractual dispute you may have with us. This service can be found at Our email address is

Mitchell Wilde LLP © 2009-2023 | HTML Sitemap | Privacy Policy | Website Terms | Complaints Procedure

Web design & SEO by Website Design Derby Ltd