Six Principles of GDPR that you need to know about

Infocredit Group, and its strategic Partner, VinciWorks, give an insight about the new Personal Data Regulation that comes into force as from May 25th, 2018 and highlight the 6 Principles of Data Protection through a clear and comprehensive guide. Infocredit Group and VinciWorks have joined forces to offer a diverse collection of high-quality, specialized compliance and regulatory training e-courses design to meet the specific needs of their clients using proven technology and sophisticated design.

The six principles of GDPR (General Data Protection Regulations) are similar in many ways to the eight principles of the Data Protection Act. While the six principles of GDPR do not include individuals’ rights or overseas transfers, these are included elsewhere in GDPR.

One key difference is that under GDPR, you must show how you comply with the principles, not just that you do. This is a separate requirement known as the accountability principle which is integrated across GDPR. 

The six principles of data protection in GDPR are that data must be treated in a way that is:
  1. Lawful, fair and transparent
    There has to be legitimate grounds for collecting the data and it must not have a negative effect on the person or be used in a way they wouldn’t expect.

  2. Limited for its purpose
    Data should be collected for specified and explicit purposes and not used in a way someone wouldn’t expect.

  3. Adequate and necessary
    It must be clear why the data is being collected and what will be done with it. Unnecessary data or information without any purpose should not be collected.

  4. Accurate
    Reasonable steps must be taken to keep the information up to date and to change it if it is inaccurate.

  5. Not kept longer than needed
    Data should not be kept for longer than is needed, and it must be properly destroyed or deleted when it is no longer used or goes out of date.

  6. Integrity and confidentiality
    Data should be processed in a way that ensures appropriate security, including protection against unauthorized or unlawful processing, loss, damage or destruction, and kept safe and secure.

For example, a car dealership is running a competition in partnership with a local newspaper to win a test drive in a Ferrari. To enter, people have to provide their phone number, email address and their top three favorite cars. The dealership and the local newspaper plan to share the data between them. The dealership wants to directly market people’s favorite cars back to them, and the newspaper has plans to launch an auto-trading magazine.

The data protection principles that would be impacted include 1 – lawful, fair and transparent; 2 – limited for its purpose and 6 – integrity and confidentiality. Data that is collected for deceptive or misleading purposes is not fair and may not be lawful. When data is being collected the reasons for its collection must be stated, and people have a right not to be marketed to without their consent. In this case, those who entered the competition are not being made aware of the true purpose for collecting their information and are being tricked into a marketing ploy.

Remembering the 6 Principles of Data Protection

Data protection officers, risk managers and those involved in processing and distributing data should become familiar with these principles in order to ensure their organization is compliant. The new Personal Data Regulation comes into force as from May 25th, 2018.


Sovereign Trust (Malta) Limited

Sovereign Trust (Malta) Limited, part of The Sovereign Group provides a full range of cross border wealth management...
View profile