The GDPR replaces Directive 95/46/EC and the UK Data Protection Act (1998). Its extensive laws are set out in 99 articles, 173 recitals (which give guidance on how to follow and interpret the articles), and the GDPR principles, which simplify required compliance procedures.
GDPR Articles
The 99 articles are split into 11 distinct chapters so that Data Controllers, Processors, and Protection Officers can understand the GDPR laws that must be adhered to, including:
- General Provisions
- Principles
- Rights of Data Subject
- Controller & Processor
- Transfers of personal data to third countries or international organisations
- Independent Supervisory Authorities
- Cooperation & consistency
- Remedies, liability & penalties
- Provisions relating to specific processing situations
- Delegated acts and implementing acts
- Final provisions
GDPR Principles
| GDPR Principles | Description of GDPR Principles |
|---|---|
| Legality, Transparency, & Fairness Principle | Data shall be processed lawfully, fairly and transparently in order to comply with the GDPR |
| Purpose Limitation Principle | Data must have a pre-stated explicit purpose of intent prior to collection and should not be processed in a manner that deviates away from this purpose |
| Minimisation Principle | Only the minimum amount of data should be collected that is required for the processing purpose |
| Accuracy Principle | Data should be accurate and kept up to date – if data is found to be inaccurate, it should be rectified without delay or erased |
| Storage Limitation Principle | Data that permits identification of Data Subjects must only be stored for the required amount of time to meet its purpose, and no longer |
| Integrity & Confidentiality Principle | Security of data should be maintained throughout processing and storage in order to ensure that no unlawful data processing, access, or damage occurs |
| Accountability Principle | The Controller is responsible and accountable for data processing compliance |