Principles of GDPR

Cambridge Risk Solutions have a deep understanding of data protection, and experience in ensuring that clients have embedded effective and practical solutions that ensure that managing personal data becomes part of the organisational culture, which meets all regulatory requirements.

The seven key principles:

• Lawfulness, fairness and transparency
• Purpose Limitation
• Data Minimisation
• Accuracy
• Storage Limitation
• Integrity and confidentiality (security)
• Accountability

In other words, organisations can only process in a way that is in accordance with the law, and in a way that is fair and transparent. Thus you must tell people that you are processing their data, how, and how long for!

Data can only be collected for specific and legitimate services. Thus, you cannot collect data for one purpose, and then use it for another.

Data must be adequate and limited to only what is needed. So, when I called and asked for a phone number for a dental surgery, being told that they needed my data of birth for ‘data protection purposes’ was completely against the regulations.

Accuracy is important, particularly in relation to sensitive personal data. You must ensure that you can keep personal data updated.

It is important to implement systems and technologies to ensure that you only keep the data as long as necessary, and then delete is as required. Do you really need that conference delegate list after 10 years?

The data must be processed in a secure way, following the standard information security guidelines of ‘Confidentiality, Availability and Integrity’.

Finally, for data controllers, you must be able to demonstrate accountability.

There is much to do to ensure effective data protection is in place; for assistance with your processes, contact Cambridge Risk Solutions today