We had a very successful team meeting this week, during which we discussed the GDPR preparations we have been undertaking so far. The 8 main principles for the processing of personal date once formulated by OECD (Organisation for Economic Co-operation and Development) in 1980 still hold today. GDPR is about these 8 principles:
1. Collection Limitation Principle
There should be limits to the collection of personal data, data should be obtained by lawful and fair means, and where appropriate, with the knowledge or consent of the data subject.
2. Data Quality Principle
Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.
3. Purpose Specification Principle
The purpose for the collection of data should be specified at the time of collection and data should not be used for anything other than its original intention without again notifying the data subject.
4. Use Limitation Principle
Personal data should not be used for purposes outside of the original intended and specified purpose, except with the consent of the data subject or the authority of the law.
5. Security Safeguards Principle
Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorised access, destruction, use, modification or disclosure of data.
6. Openness Principle
There should be a general policy of openness about developments, practices and policies with respect to personal data. Individuals should have easy access to information about their personal data, who is holding it, and what they are using it for.
7. Individual Participation Principle
An individual should have the right to know if a controller has data about him/her and to have access to that data in an intelligible form for a charge, if any, that is not excessive. An individual should also have the right to challenge a controller for refusing to grant access to his/her data, as well as challenging the accuracy of the data. Should such data be found to be inaccurate, the data should be erased or rectified.
8. Accountability Principle
Data controllers should be accountable for complying with the measures detailed above.
Our consultants are all signing the data processor agreements at the moment, we have our Protocol for Data Breach Notification and a Register of our business processes for which we need to make use of personal data. We are ready for the future of Data Privacy!
We are about people coming together, exchanging knowledge and experience.
We are i-Mobility Relocation. How may we serve you?