Article 5

Principles Relating to Processing of Personal Data

Overview:

Article 5 outlines the fundamental principles while processing personal Data. In fact we can call this the 7 pillars of  GDPR for processing personal data. They are:

  1. Lawfulness fairness and transparency  – Data must be processed in a lawful way with fairness and transparency. The data subject should be made aware of how their data will be processed
  2. Purpose limitation – Personal Data should be collected only for the purpose meant and should nor be used for any other activity
  3. Data minimization – Collect only the data that is necessary to carry out a specific activity or process
  4. Accuracy  – Personal data should be always kept accurate and up-to-date. Inaccurate data should be corrected or erased promptly.
  5. Storage limitation – Personal data collected should not be kept longer than necessary for the purpose for which it is processed
  6. Integrity and confidentiality – Personal data should be processed securely and adequately protected from accidental loss, damage or destruction.
  7. Accountability – The controller is responsible for adhering to the GDPR principles. They also should be able to demonstrate compliance.

Implementation Guidance

  1. Ensure that the organisation has defined a framework for implementing GDPR. It is always advised to have a framework like a Personal Information Management System (PIMS) for implementing GDPR.
  2. There should be proper documentation (not limited to policies and procedures) to demonstrate the compliance towards GDPR and the principles
  3. Implement appropriate technical controls to ensure the protection of personal data

Compliance Checklist

  1. PIMS
  2. Privacy Policy
  3. Documentation to demonstrate compliance
  4. Technical control implementation

Examples and Use Cases

  1. Online shopping website collect personal data and email ID, but clearly communicates to the customer that the same will be used for marketing purposes. They also provide a choice of consent for that.
  2. A tech gadget website collects email addresses from its customers and asks for their consent to send them information about newly launched gadgets via email.
  3. The HR department of an organisation regularly updates the record to ensure that the data is up-to-date and accurate.
  4. An online shopping portal implements Multi Factor Authentication (MFA)  to provide additional layer of security
  5. A dental clinic collects only the necessary information from the patients to perform the treatment.

Legal text

[Add legal text here]

Additional Resources

[Add links to additional resources here]

Scroll to Top