The General Data Protection Regulation was drafted keeping in mind some fundamental principles, that should guide your data collection and data processing activities. In this post, we explain what are the 7 principles of GDPR and what they mean in practice.
Lawfulness means that all the processes concerning your users’ data should be carried out on a recognized lawful basis.
Even though, according to the GDPR, it’s better to use anonymous data, where personal data is needed, it should be limited to what is necessary for your purpose. So you must collect the minimum data possible.
This article is a part of our series on GDPR and GDPR compliance. Read also:
The data you store should be accurate and up-to-date.
The data you store should be up-to-date, but you can’t store it forever.
The GDPR requires that you set a time limit – the shortest possible – and that you explain why you need to store your users’ data for that period of time. When the time comes, you must erase or review the data you stored.
According to the principles of integrity and confidentiality, you should store your users’ data securely, protecting them from unlawful processing or accidental loss, destruction or damage. You should also protect your users’ identity. Through anonymization, for instance.
The GDPR requires that, under certain circumstances, you should keep a “full and extensive” documentation of all your activities.
Even if your processing activities somehow fall outside these situations, you still have to keep basic records relating to which data you collect, its purpose, all parties involved in its processing and the data retention period. This is mandatory for everyone.
Check our complete guide to the GDPR: everything you need to know to comply!
GDPR compliance for your site, app and organization