The principles relating to the processing of personal data are laid out within the data protection legislation and they form the backbone of the requirements for any organisation processing personal data. Failure to implement the principles throughout the organisation is deemed to be a significant breach of the regulation and could attract the highest level of fines from the supervisory authority.
The principles are summarised here as:
- Personal data shall be processed lawfully, fairly and in a transparent manner
- Personal data shall be collected for specific, explicit and legitimate purposes (purpose limitation)
- Personal data shall be adequate, relevant and limited to what is necessary in relation to the purpose of the processing (minimisation)
- Personal data shall be accurate and, where necessary, kept up to date (accuracy)
- Personal data shall be kept in a form which permits identification of the data subject for no longer than is necessary (storage limitation)
- Personal data shall be processed in a manner that ensures the appropriate security of the personal data (security)
In addition, the data controller shall be responsible for, and be able to demonstrate, compliance with the above principles (accountability).