How many data protection principles are there? The GDPR sets out seven principles for the lawful processing of personal data. Below we have an overview of what the seven data protection principles are, and how these current seven principles of data protection have been incorporated.
How Many Data Protection Principles Are There?
There are 7 data protection principles. These are:
Lawfulness, fairness, and transparency
The first data protection principle of lawfulness, fairness, and transparency essentially means that you must only process data. It is for specified, explicit, and legitimate reasons (i.e for a specific purpose).
If you are processing the data for any other reason, it is not lawful processing. You must also ensure that you are being fair with the individual whose data you are processing.
Purpose limitation
The second data protection principle of purpose limitation means that you must only process the data for the specific and explicit purpose for which it was collected.
Data minimization
The third data protection principle is data minimization. You should collect only the personal data you need for your specific purpose.
This will minimize the risk of a breach, and make sure that you are being fair to the individual whose personal data you are processing.
Adequate, relevant, and limited to what is necessary
The fourth data protection principle is adequate, relevant, and limited to what is necessary for your specific purpose(s). In other words, when you collect personal data, you must keep it up-to-date and accurate.
You should not keep it for longer than you need it. You must also make sure that you are collecting only the personal data you need for your specific purpose.
Accuracy
The fifth data protection principle is accuracy. This means that you must ensure that the personal data you hold about an individual is up to date and accurate.
If it is not accurate, then you will be breaching this data protection principle.
Taking steps to ensure that the personal data you hold about an individual is up to date and accurate will help you to comply with the other principles as well (lawfulness, fairness and transparency, purpose limitation, data minimization, and retention).
Storage limitation
The sixth principle of data protection says that you must only store the personal data you hold for as long as you need it. You should delete the personal data or ensure that it is when you no longer need it.
Retention limitation
The seventh data protection principle says that you must not keep personal data any longer than you need it for your specific purpose(s).
Data Protection Principles: Risks
There are risks in not complying with the seven data principles. These include the chance of fines and penalties, negative publicity and reputational damage, and a possible loss of trust from customers and clients.
You could also be at risk of a claim for compensation from an individual whose data you have mishandled.
Conclusion
There are seven data protection principles. You must comply with the seven data protection principles to comply with the GDPR.