
What are the 7 principles of the GDPR?

The General Data Protection Regulation (GDPR) was drafted around a set of fundamental principles that should guide your data collection and data processing activities.

In this post, we explain what the seven basic principles of the GDPR are and what they mean in practice.

GDPR: the 7 principles

1. Lawfulness, fairness and transparency

Lawfulness means that every process involving your users’ data must be carried out on a recognized lawful basis.

These processes must also be fair and transparent: you must abide by your privacy policy and use your users’ data only in the ways you have disclosed to them.

2. Purpose limitation

The principle of purpose limitation is closely tied to transparency: your privacy policy must clearly state the purposes of your collection and processing activities, and you may then use the data only for those purposes.

3. Data minimization

The GDPR favours the use of anonymous data. Where personal data is genuinely needed, it must be limited to what is necessary for your stated purpose, so you should collect the minimum amount of data possible.


4. Accuracy

The data you store should be accurate and up-to-date.

5. Storage limitation

The data you store should be up to date, but you cannot keep it forever.

The GDPR requires that you set a time limit – the shortest possible – and that you explain why you need to store your users’ data for that period. When the period expires, you must erase the data or review whether it is still needed.

6. Integrity and confidentiality

According to the principles of integrity and confidentiality, you must store your users’ data securely, protecting it from unlawful processing and from accidental loss, destruction or damage. You should also protect your users’ identity, for instance through anonymization.

7. Accountability

The GDPR requires that, under certain circumstances, you keep “full and extensive” documentation of all your processing activities.

Even if your processing activities fall outside those circumstances, you must still keep basic records of which data you collect, the purpose of the collection, all parties involved in its processing, and the data retention period. This is mandatory for everyone.


About us

iubenda

GDPR compliance for your site, app and organization

www.iubenda.com
