Contact
When processing personal data, you must respect certain basic principles detailed in the regulations. Specifically, the principles contained in the data protection regulations that must be applied are:
- Lawfulness, loyalty and transparency in relation to the data subject. You must have a legal basis for processing the data, which can be consent or another assumption. The data subject must be informed of what data is being processed, for what purpose, for how long, etc.
- Purpose limitation: the data must be collected for specific, explicit and legitimate purposes and subsequently must not be processed in a manner incompatible with these purposes.
- Minimisation: the data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Accuracy: the data must be accurate and, if necessary, updated.
- Limitation of the conservation period: they must be kept in such a way as to allow people to be identified for a period no longer than is necessary for the purposes of processing their personal data.
- Integrity and confidentiality: they must be processed with the adequate security.
One of the main innovations introduced by the GDPR is the regulation of the principle of proactive responsibility. The GDPR describes it as the need for appropriate technical and organisational measures to be applied in order to guarantee and be able to demonstrate that the processing complies with the Regulation.
In practical terms, this principle requires organisations to analyse what data they process, for what purposes they do so and what type of processing operations they carry out. Based on this knowledge, they must explicitly determine how they will apply the measures provided for by the GDPR. Likewise, they must ensure that these measures are adequate to comply with it and that they can demonstrate compliance to the data subject and control authorities, such as the APDCAT.
In summary, this principle requires that organisations have a conscious, diligent and proactive attitude towards all the processing of personal data they carry out.
Highlights