6 GDPR Key Principles to know before May 25th

GDPR is very nearly upon us and with hefty fines associated for non-compliance, at least make sure your staff know the 6 GDPR key principles.

We recently wrote about what GDPR is and how ignoring the change on May 25th could spell disaster for you and your company in the shape of huge fines.

This time we’ll do a little more digging and point out the 6 GDPR key principles that underline the regulation.

If your company obtains, holds, collects or processes personal or sensitive data about a living person you must comply with these…

6 GDPR Key Principles

• The data you hold must be processed lawfully, fairly and transparently.

Your organisation must make sure your data collection process doesn’t break any laws and you aren’t hiding any information from the data subjects. You should state in a privacy policy the type of data you collect and the reason for doing so.

• Personal data can only be collected for specific and legitimate purposes.

The reason for having somebody’s data must be for a specific purpose, clearly tell the subject what that purpose is, and only collect it for as long as absolute necessary. There are caveats to those using data for public interest or scientific/historical or statistical reasons.

• The amount of data being held must be kept to a minimum.

You mustn’t hold more data than you reasonably need to. If there is a data breach then the information “stolen” will be limited. Keeping data to a minimum also helps you keep your data accurate and up to date.

• The data being kept must be accurate.

The accuracy of the data you keep is of the utmost importance; the exact wording in the regulation states “every reasonable step must be taken” to erase or rectify incorrect or incomplete data. An individual can request it be erased or corrected within 30 days of their request.

• The data must only be kept for the required amount of time.

Your organisation must delete personal data when its no longer needed. For example; is it needed after a sale has been made? Does the person remain a customer after this? If you’re unsure you should consult legal advice.

• The data must be kept secure.

The GDPR states data must be “processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures”.

Because technological advances are always happening the exact method of doing this is not set in stone. Data should be encrypted at a basic level but there are many avenues to take when ensuring this principle is met, its best to consult a cyber security professional on this matter.

GDPR comes into full effect on the 25th May 2018 and you must make sure your company meets these 6 key GDPR principles, you can read up on the regulation in more detail on the government site.

Training on GDPR is mandatory for any staff that handle a person’s data.

eLamb can provide you with an in depth 1 hour GDPR Awareness course for £1,499 + VAT or with a lighter version, focusing mainly on the 6 GDPR key principles that underline the regulation for just £999 + VAT

To enquire about GDPR staff training or to ask us for individual prices, email us or call us on 01325 734 885.