7 Principles of GDPR

The GDPR, the data privacy law in force across Europe, ensures that people’s personal data is protected. Is it time for a refresh on what GDPR means for your business? Or maybe you aren’t sure what comes under GDPR?

Lawfulness, fairness and transparency

This principle is one of the most important areas and requires total transparency in relation to data. When data is collected, organisations must be clear about why it’s being collected and how it’s going to be used.

Purpose limitation

Businesses or organisations must have a specific and legitimate reason for collecting and processing people’s personal data. This area ensures that personal information can only be used for that specific purpose and cannot be used for any other reason unless the data subject has provided their explicit consent.

Data minimisation

Under the GDPR, data must be “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.” This means that businesses should only store the minimum amount of information needed for the purpose. Organisations can’t collect personal data on the off chance that it might be useful in the future.

Accuracy

The personal information must be accurate, fit for purpose and kept up to date. This means businesses should review the information they hold regularly to determine whether it needs to be deleted or updated. Individuals have the right to request that incorrect or incomplete data be deleted or rectified within 30 days.

Storage limitation

Once a company no longer needs the information for the purpose it was originally collected for, it must be deleted or destroyed unless other terms have been agreed. The GDPR does not state how long you should keep personal data; it’s up to your organisation to determine this, based on the purposes for processing.

Integrity and confidentiality

This area is primarily about security. Your business is responsible for ensuring that all the right measures are taken to keep personal data safe. This means protection from internal threats, such as accidental loss or damage and unauthorised use, as well as from external threats, such as theft, malware and phishing.

Accountability

This final area states that businesses must take responsibility for ensuring that their data handling complies with the other principles. This means that organisations must be able to provide evidence of the steps they have taken to demonstrate compliance.

For more information about GDPR, or to get your business reviewed, get in contact with our team today on 020 3362 4436.