We are living in an age where technology, particularly the internet, has taken over most aspects of our lives. It has dramatically changed and improved the way we manage our daily lives: how we communicate, how we run our businesses, and how much information we get and share on the internet.
Most of us do our business online because it makes things easier, but have you ever thought about how to keep your information safe? The internet is a vast world accessed by millions every day, and the one thing we want to make sure of is that we and our information stay safe.
We are talking about financial information, credit card details, social media accounts, and even your identity itself; all of it should be kept safe online.
What is the General Data Protection Program?
The General Data Protection Program, or GDPR, is a legal regulation that applies to all business establishments, companies, and organizations established in the EU, and also to those outside the EU, even where the data processing does not take place in the EU, as long as the business supplies goods or services to the EU or to citizens of the European Union.
This legal framework means that citizens of the EEA or EU have control over their personal data and are assured that the information they share over the internet is secured across the EU.
Under the GDPR, personal data is any information relating to a person, such as name, age, gender, address, financial details, bank details, social network profiles, location details, medical information, academic history, identification documents, phone number, or a computer’s IP address. The GDPR makes no distinction between private and personal data; it treats both as personal information, on the basis that “the person is the person”.
To simplify, the GDPR is about data protection. It sets the legal guidelines for the collection and processing of the personal data of people living in the EU.
What are the seven (7) guiding principles of the General Data Protection Program?
Seven important principles underpin the GDPR. They require that a business, company, or organization comply with them when collecting, processing, and storing an individual’s personal data.
These principles serve as a guide for business establishments, companies, and organizations in managing data collection, processing, and storage in compliance with the GDPR. Failure to comply with these principles can result in a substantial penalty for the organization, company, or establishment.
Here are the seven (7) underlying principles:
- Lawfulness, Fairness, and Transparency – The first principle is the foundation of all the others. Lawfulness means that all processing or storage of an EU citizen’s personal data must meet the requirements set by the GDPR. Fairness means that you keep your word: you comply with what you described to the data subject, for example by giving your client notice before collecting any data. Transparency means that the data subject must be kept informed about the purpose of the data collection.
- Purpose Limitation – The purpose of collecting and processing personal data should be specific. The data gathered should be used only for the agreed purpose and not for other purposes.
- Data Minimization – This principle states that the data collected and processed should be limited to what is relevant to the purpose for which it is processed. The company or organization is allowed to store only the minimum amount of data required for that purpose.
- Accuracy – The personal data being processed and stored should be accurate and fit for what is needed. This requires organizations to regularly review the information in their data banks and keep it updated. It also allows individuals to have inaccurate or incomplete data corrected within 30 days. This principle keeps information well organized and ensures that the business database is accurate and up to date.
- Storage Limitation – This principle states that data that is no longer needed should be deleted unless there is another purpose for retaining it. Although the GDPR does not state exactly how long an organization may store data, the organization must determine the period for which the data should be stored. To comply, organizations should have a process for cleaning up their databases.
- Integrity and Confidentiality – This is a very important principle. The business, company, or organization must ensure at all costs the security of any personal information it is given. The information must be protected against unauthorized use, accidental loss or damage, and threats such as theft, phishing, or malware. The GDPR requires business establishments and companies to have strong and appropriate security against internal and external threats.
- Accountability – This principle states that the organization is responsible for the data it holds and must comply with the other principles. Companies and organizations must provide evidence that they have done so.
Evidence can include:
- Evaluating current practices.
- Appointing or hiring a Data Protection Officer, or creating a Data Protection team.
- Creating a personal data inventory.
- Securing appropriate consent.
- Creating a Data Protection Impact Assessment.
These principles are very important in adhering to the GDPR guidelines. The aim of the GDPR is to protect the storage and processing of personal data, which is very important. Adhering to these principles will help organizations comply with the GDPR.