Under the GDPR (A.5) processing must be done in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (“integrity and confidentiality”). What are some techniques for achieving this in practice?
- Encryption and pseudonymisation of data
- Make sure you’ve assigned sufficient resources to develop and implement an information security policy framework.
- Having a cross-functional team, including legal and technical data security experts, is standard practice today
- Set aside a dedicated budget to properly implement and maintain the organisational and technical measures
Which Article deals with the principles relating to the processing of personal data?
Article 5
What are the GDPR principles relating to the processing of personal data?
- 1.a - Lawfulness, fairness and transparency
- 1.b - Purpose limitation
- 1.c - Data minimisation
- 1.d - Accuracy
- 1.e - Storage limitation
- 1.f - Integrity and confidentiality
- Accountability
What does the storage limitation principle mean?
Means that even if you collect data fairly and lawfully, you cannot keep it for longer than you actually need it (there are close links with data minimisation and accuracy principles)
Personal data can be stored for longer when it’s used solely for
- archiving purposes in the public interest
- scientific or historical research purposes
- statistical purposes in line with Article 89(1)
Subject to the technical and organisational measures required to safeguard the data
