The 7 principles of the GDPR are:
- Lawfulness, fairness, and transparency: Organizations should be clear about how personal data will be used. Data must be collected lawfully and only used for its stated purpose.
- Purpose limitation: Organizations must have legitimate reasons for collecting and processing personal information. Personal data can only be used for stated purposes and any other uses require user consent.
- Data minimization: Only the minimum amount of personal data required for the processing purpose should be collected.
- Accuracy: Steps should be taken to ensure the personal data collected is accurate and up to date. Inaccurate data that cannot be corrected, should be erased.
- Storage limitation: Personal data should only be kept long enough for the data to be processed for its stated purpose.
- Integrity and confidentiality: Organizations should have security measures in place to protect the collected personal data from unlawful use, accidental loss, and destruction.
- Accountability: Organizations are accountable for proper personal data handling and GDPR compliance.