The General Data Protection Regulation (GDPR) is a set of rules, standards, principles that guide and regulate data privacy and exportation, within and outside the European Union.
What this implies is that companies within the jurisdiction of the European Union and the European Economic Area must list out procedures carefully aligned with those represented in the data protection principles.
Primarily, the GDPR is the host for these data protection principles and contains in itself, requirements regarding individuals' data.
Thus, information such as name, cookie data, social security number, etc. would have to stay hidden according to the data protection act principles.
The Importance of Data Protection Regulation
The data protection act principles are the centre of the GDPR. Non-compliance could expose data to fraud, scams, etc. Not only that, the company would be at risk of facing severe consequences that could be damaging to it, and that’s some of the internal problems. External punishments coming from the EEA are inevitable. Fines and a possible jail term cannot be escaped. All these can be avoided if one complies strictly by the GDPR.
At Thames Security Shredding, we know the A-Zs of the game, and that’s why you can trust us with your data.
The Eight Principles of Data Protection
The data protection act 1998 principles are very much relevant in contemporary times. Though revised with the official legislation of the GDPR in 2018, not much has changed. Nonetheless, here’s an overview of these principles.
Data Protection;
• Must be lawful
Under the legal policy, organizations must be fair and transparent in the collection and retaining of data. They must be able to give an account of the reason why the data was collected, and then of what use the individuals’ data is needed.
In more formal terms, data should be as detailed and precise as possible.
• Must be stipulated for specific purposes
This principle posits that personal data obtained by any organization must have a particular purpose for which it was created, in the first place. Like the legal principle, this policy further implies and advocates for data legitimacy and a fair process at that.
• Data must be adequate and relevant
The emphasis here is on relevance, limitation, and adequacy. Organizations are compelled to only obtain and withhold information that is relevant to them. Minimization is the ultimate goal for this one. If a customer unsubscribes from the company’s services, his data should be reduced to the barest minimum.
• Data must be accurate
Companies should ensure that the information in their possession is always up to date. And when updated, all roads to the previous data should be blocked. For instance, when a customer updates his contact details, the company should not continue to use the old data. Instead, they should work with the new information and keep the same for future uses/references.
For Security Shredding: Call 01268 287 174
• Data storage must be limited
Based on this, organizations should ensure that data is not stored, longer than necessary. What this rule buttress is on time, real-time data. Rather than store unnecessary data, this principle provides that organizations destroy/delete them. Making sure that data records are stored adequately, in place and understood, is what this principle stands for.
• Data must be secured
With the retention of personal data, it’s only right for security to be top-notch. This principle stresses the protection of data. It postulates that organizations should set up systems aimed at securing physical and technical data. On this, organizations should take up the full responsibilities of hiring trained personnel skilled in cybersecurity. More so, the data of those who have access to information should themselves be assessed.
• Must be accountable and responsible
The GDPR expects that every organization should be directly responsible for their data subjects. If a customer were to request for specific data, the organization should be able to provide such. On the other hand, if the customer asks for his data to be deleted, then the same should be granted. However, customers only have the right to access information relevant to them.
• Data must not be transferred
A principle that cannot be underemphasized is the transfer of data. Data must not be transferred to other countries outside the EEA and the EU. Inside the EEA, it is permissible. However, other countries should not access data relevant to the EU domain.
New Changes under the GDPR
• Conducting a background check on employees should be subject to the law.
• There’s an option of the ‘right to be forgotten,’ should an individual request for his data to be removed from a company’s database.
• If data is to be sent out of the EEA, the customer should consent to it.
How Thames Security can Help
At Thames Security Shredding, we know the A-Zs of the game, and that’s why you can trust us with your data. We stand for data protection and privacy, so your data remains unknown to third parties.