![]() In the scope of this article we mention some separately though because, although they are closely intertwined (and also intertwined with other principles and rules across the GDPR), they do come back in a separate way across the GDPR. ![]() For example: the first personal data processing principle which Article 5 mentions is ‘lawfulness, fairness and transparency’. ![]() Several of these principles are bundled so to speak. Whether it concerns the GDPR itself, the guidelines of the European Data Protection Board or supervisory authorities, jurisprudence, the practical aspects for organizations in getting in line with the GDPR or the interpretation of rights, obligations and more: they always are there, as the crucial guidelines embedded in the Regulation which the principles relating to processing of personal data really are.Īs we mentioned in our overview of GDPR Chapter 2 where the personal data processing principles of Article 5 belong to, there are really six principles for personal data processing (which are sometimes also called the six data processing principles or six privacy principles) and an additional one (in paragraph 2) on accountability, which applies to all six. The reasons why these personal data processing principles are essential? Why do the personal data processing principles matter (a lot)? We cover 9 personal data processing principles and take a quick look at each before diving deeper in each of them. The principles for processing personal data under the GDPR can be found in GDPR Article 5. Six and nine principles of personal data processing These personal data processing principles are always related with (and often include) general principles such as fairness, transparency, freedom of choice and more. When legal bases exist, the processing still needs to happen and there are indeed clear principles regarding that actual processing of personal data. Obtaining consent or having another legal ground for lawful processing of course is just one step when it boils down to personal data processing. Previously we tackled the various legal grounds for lawful processing and zoomed in on some of them in-depth. Still, the principles, rights and freedoms are omnipresent and mentioned in virtually all aspects of the GDPR, whether it concerns the role of the DPO (Data Protection Officer), the rules on consent (informed, freely given, active, etc.) or the ways to demonstrate compliance with the endorsement of cybersecurity and data management practices such as encryption and pseudonymization, the importance of DPIAs, codes of conduct and so forth.īecoming compliant with the GDPR starts with GDPR awareness, the understanding of data subject rights, choosing the proper grounds for lawful processing for all data processing activities and understanding the principles which are enshrined in the Regulation, including the principles relating to processing of personal data. ![]() Obviously there is also a degree of “updating” to be more in line with modern data processing means and activities with the GDPR and the EU wants a far more consistent approach, application and enforcement for organizations in a market reality where big data and personal data are essential in times of digital transformation, data-driven innovation, new technologies such as IoT, and Industry 4.0. Setting the scene of the principles regarding the processing of personal data This also goes for the principles relating to processing of personal data, the topic of this article. While many of the data subject rights and rules regarding the legal bases for lawful processing of personal data of EU citizens haven’t changed too much, it’s essential to understand how the new rules fit in the scope of the mentioned goals and the overall principles which the GDPR emphasizes. These goals and the according rights, freedoms and principles of the GDPR, aren’t just expressed in new or strengthened principles and duties for controllers and processors but also in the extra-territorial application of the GDPR (whereby all organizations acquiring and processing personal data of EU citizens are impacted, regardless of where processing occurs). To attain GDPR compliance it’s important to understand the essence of the GDPR in valuing personal data and giving back control over personal data to citizens far more than its predecessor, the Data Protection Directive or Directive 95/46/EC, did. Overview of the personal data processing principles under the General Data Protection Regulation (GDPR) and where and how the principles relating to processing of personal data matter in becoming GDPR compliant, starting from GDPR Article 5 and moving beyond it.
0 Comments
Leave a Reply. |