While respecting a data subject’s data privacy, organizations must uphold the following fundamental principles of the processing of personal data:
- Lawfulness, fairness, and transparency: This principle requires organizations to process personal data lawfully, fairly, and in a transparent manner.
- Purpose limitation: This principle requires organizations to process personal data only for specified, explicit, and legitimate purposes.
- Data minimization:This principle requires organizations to collect the data adequate, relevant, and limited to what is necessary for the purposes for which they are processed.
- Accuracy: This principle requires organizations to keep the data accurate and take reasonable steps to ensure that inaccurate personal data has been erased or rectified.
- Storage limitation: This principle requires organizations to keep the data in a form that permits the identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
- Integrity and confidentiality:This principle requires organizations to ensure an appropriate security of the personal data and protect it against unauthorized or unlawful processing, security incidents, or personal data breaches.
- Accountability:This principle holds organizations responsible for the protection of personal data. Organizations must be able to demonstrate compliance with the applicable legal requirements.