
The 7 and 6 Principles of the GDPR


The General Data Protection Regulation has been discussed here before, but keep in mind that Chapter II of the GDPR specifies 6 key principles for processing personal data and 7 general principles overall.

1. ARTICLE 5 - Processing of Personal Data

1. Must be lawful and transparent.

2. The processing must be limited to a specified purpose.

3. Only the minimum data needed should be processed.

4. Inaccurate data must be immediately erased or corrected.

5. Personal data must be stored in a manner permitting personal identification for no longer than is necessary.

6. Data Security must be maintained.

THINK: MC PSST - MINIMIZE; CORRECT; PURPOSE; STORE; SECURITY; TRANSPARENT

2. ARTICLE 6 - Lawfulness of Processing

Data can only be processed if there is consent; a contractual obligation; a legal obligation; a need to protect a vital interest of a person; a public interest; or legitimate interests of a third party that don't override the rights of the data subject.

3. ARTICLE 7 - Conditions for Consent

Specific consent must be given for specific matters and consent can be withdrawn at any time.

4. ARTICLE 8 - Child's Consent

Parental consent is needed for the use of data pertaining to children younger than 16 years old.

5. ARTICLE 9 - Special Categories of Personal Data

Data cannot be processed to show a person's racial or ethnic origin, political opinions, sexual orientation, religious or philosophical beliefs, or trade union membership. The processing of genetic data, or of biometric data to identify a person, is prohibited without consent or another legitimate purpose.

6. ARTICLE 10 - Criminal Convictions

Only official authorities can keep a comprehensive register of criminal activity.

7. ARTICLE 11 - Processing That Does Not Require Identification

If the purpose for which data is processed does not require identification of a data subject, the controller does not have to process additional information to identify the data subject for the purpose of complying with the GDPR.

This is a silly anagram, but think: LID CCCC


Sean O'Shea has more than 20 years of experience in the litigation support field with major law firms in New York and San Francisco. He is an ACEDS Certified eDiscovery Specialist and a Relativity Certified Administrator.

The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer.

© 2015 by Sean O'Shea.