In order to guarantee the protection of the privacy of individuals, a series of basic rules or lines of action are established that must be respected when personal data is collected, used or stored. These are referred to as ‘principles’.
In accordance with article 5 of the General Data Protection Regulation (GDPR) and according to one of the publications of the Spanish Data Protection Agency, there are a series of principles that must be taken into account by those responsible for processing personal data.
We explain them below:
Accuracy
The data to be used must be correct and up to date. If the data subject finds that his or her data is inaccurate, he or she may ask the data controller to correct or delete it.
Purpose
Data should only be processed for the purpose primarily identified and, where appropriate, other compatible and equally justified and informed purposes.
Lawfulness, transparency and fairness
The controller must have a purpose that is legitimised on one of the bases set out in the GDPR (lawfulness), be faithful to that purpose and not use the data fraudulently or for other purposes (fairness). Finally, clear, simple and concise information must be provided (transparency) on the use of the data and its context, in compliance with the requirements of the regulation.
Limitation of the retention period
Data may only be used for as long as necessary to fulfil the stated purpose and never indefinitely. Once the data are no longer required for that purpose, they must be deleted or anonymised, so that re-identification is impossible.
Data minimisation
Only data that are necessary for the stated purpose may be used. For this purpose, technical and organisational measures shall be implemented in such a way as to ensure that only appropriate and relevant data are used.
Security
Personal data must be protected by security measures that counter the risks threatening it. These security measures aim to ensure the confidentiality, integrity and availability of the data.
It is not only important to comply with these principles; it is also essential to be able to demonstrate compliance.
Active or demonstrated responsibility
This is about taking a conscientious, diligent and proactive approach to the use of personal data by being able to comply with and demonstrate compliance with the above principles.