Guidance on the Principles of Data Protection

Principles are an important part of data protection law, and are, in fact, at the core of the General Data Protection Regulation (GDPR), which is often referred to as ‘principles-based’ regulation. Article 5 GDPR in particular sets out seven key principles related to the processing of personal data, which controllers need to be aware of and comply with when collecting and otherwise processing personal data, namely:

  • Lawfulness, fairness, and transparency;
  • Purpose limitation;
  • Data minimisation;
  • Accuracy;
  • Storage limitation;
  • Integrity and confidentiality; and
  • Accountability.

This guidance should assist controllers with compliance with the principles of data protection, which is the first and perhaps most important step that controllers can take to ensure they comply with the requirements of the GDPR and data protection law generally.

Guidance on the Principles of Data Protection - Full Guidance Note