TABLE 1.
Principle | Description |
---|---|
1. Lawfulness, fairness, and transparency | Transparent processing of personal data in relation to the subject. |
2. Purpose limitation | Processing of personal data for specified, explicit, and legitimate purposes only; further processing for archiving in the public interest, or for scientific/historical/statistical research (according to Article 89[1] of GDPR) shall not be incompatible with the initial purposes. |
3. Data minimization | Personal data should be adequate, relevant, and limited in relation to the purpose of processing. |
4. Accuracy | Personal data should be accurate and up to date; inaccurate data should be erased or rectified without delay, having regard to the purposes for which they are processed. |
5. Storage limitation | Personal data are to be kept in a form that permits identification of subjects for no longer than is necessary for the purposes for which their data are processed; personal data may be stored for longer periods for archiving in the public interest, or for scientific/historical/statistical research (according to Article 89[1] as above), subject to the technical and organizational measures required by this regulation. |
6. Integrity and confidentiality | Personal data are to be processed to ensure their appropriate security, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage, using appropriate technical or organizational measures. |
7. Accountability | The “controller” (for example, the project head or signing authority of the project) shall be responsible for, and be able to demonstrate compliance with, the aforesaid principles. |
Abbreviation: GDPR, General Data Protection Regulation.