What principles does the GDPR include?
Article 5 of the GDPR sets out the core principles of data protection, often referred to as the Article 5 principles. These form the foundation of GDPR compliance and guide organisations in handling personal data responsibly.
1. Lawfulness, Fairness, and Transparency (Article 5(1)(a))
Personal data must be processed lawfully, fairly, and transparently. Individuals should clearly understand how and why their data is being used.
2. Purpose Limitation (Article 5(1)(b))
Personal data must be collected for specified, explicit, and legitimate purposes and must not be processed further in ways that are incompatible with those purposes.
3. Data Minimisation (Article 5(1)(c))
Personal data must be adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
4. Accuracy (Article 5(1)(d))
Personal data must be accurate and, where necessary, kept up to date. Inaccurate data should be corrected or deleted without undue delay.
5. Storage Limitation (Article 5(1)(e))
Personal data should be retained in an identifiable form only for as long as necessary to achieve the purposes for which it was collected.
6. Integrity and Confidentiality (Article 5(1)(f))
Personal data must be processed securely, protecting it against unauthorised or unlawful processing and against accidental loss, destruction, or damage.
These principles create the framework for GDPR compliance, ensuring that organisations respect individuals’ privacy and maintain trust in how personal data is used.