GDPR (General Data Protection Regulation)

GDPR governs the way in which we can use, process, and store personal data (information about an identifiable, living person). It applies to all organizations within the EU, as well as those supplying goods or services to the EU or monitoring EU citizens.


The 7 Major Principles of GDPR

Data processing requirements enforced by the GDPR are rooted in 7 general principles for privacy. Understanding the 7 principles of the GDPR will make it easier for you to understand the rules and regulations.

  1. Lawfulness, fairness and transparency – data processing must be lawful, fair and transparent to the data subject. Organizations must have a lawful basis for processing personal data and inform data subjects what data is collected and how it’s used.
  2. Purpose limitation – personal data can only be collected for specified, explicit and legitimate purposes. Data can’t be processed in a way that is incompatible with those purposes.
  3. Data minimization – organizations should only collect and process personal data that is adequate, relevant and limited to what is necessary for the purposes for which it is processed.
  4. Accuracy – personal data must be kept accurate and up to date. Inaccurate data should be erased or rectified.
  5. Storage limitation – data should only be kept in a form allowing identification of data subjects for no longer than necessary for the purposes for which it is processed.
  6. Integrity and confidentiality – data must be processed in a way that ensures appropriate security, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage.
  7. Accountability – organizations are responsible for complying with GDPR principles and must be able to demonstrate their compliance.


The key principles focus on transparency, purpose limitation, data minimization, accuracy, storage limitation, security, and accountability around personal data processing.

Types of sensitive data


ethnic origin

political opinions

religious or philosophical beliefs

trade union membership

genetic data

biometric data (where this is used for identification purposes)

health data

sex life

sexual orientation
