While the GDPR might seem complex, at its core is the protection of privacy. And although there are many articles and compliance restrictions that make up the new regulations, the GDPR is fundamentally based on six principles relating to the processing of personal data:
- It is processed lawfully, fairly and in a transparent manner
- It is collected for specific, explicit and legitimate purposes
- Its use is adequate, relevant and limited to what is necessary for processing
- It is correct and, where necessary, there is a means of maintaining its accuracy
- It is only retained for as long as necessary
- Processing is undertaken in a manner that will protect its security
These key requirements underpin all measures that need to be taken to comply with the GDPR. As good practice, organisations should encourage the consideration of all these principles within any activities that use personal data – developing a business culture that aligns with the new rules is key to their smooth introduction and ongoing execution.
These core principles are a great place to start when preparing your business for the GDPR. But there’s a lot more to it than just these 6 steps – contact us for more straight-talking information and to find out more about our GDPR services!