Data Management - GDPR
The European Union's General Data Protection Regulation (GDPR) has applied since May 25, 2018. The GDPR strengthens the protection of personal data and gives EU citizens control over the processing of their personal data by any company or legal entity. Its reach goes far beyond organizations located in Europe: every organization that collects, stores or processes the personal data of EU citizens must be GDPR compliant.
The principles that organizations need to follow whenever they work with EU citizens' personal data are outlined below:
- The principle of lawfulness, fairness and transparency
The first principle means that organizations must make sure they are respecting the law, and that they are clear about which data they collect and for what purpose. An organization processing personal data must provide all available information about that data when the data subject requests it.
- Purpose limitation
This principle is about collecting only the data an organization needs. Personal data should be collected only for a specific purpose that has been clearly stated before collection.
- Data minimization
The data minimization principle requires that organizations store only the minimum amount of data necessary for the specific purpose.
- Accuracy
The accuracy principle is self-evident: all information about the data subject must be accurate, up to date and fit for purpose. Individuals whose data an organization collects have the right to request that inaccurate data be corrected or erased.
- Storage limitations
This principle requires that data which is no longer needed is deleted. To comply with it, organizations must have control over where data is stored and how it moves; redundant and replicated copies should not be kept.
- Integrity and confidentiality
Organizations that collect, process and store personal data are now responsible for providing appropriate security measures. This includes appropriate safeguards against unauthorized or unlawful access and against accidental loss, destruction or damage of the data.