7 principles of the GDPR in simple words

The fast-developing digital world brings new privacy risks for data subjects. The GDPR is demanding above all because of its detailed transparency requirements.

Let us admit the truth: regulations and laws are usually lengthy, boring, and full of complex language. However, a few of them are important to understand because they directly or indirectly affect your everyday life. The GDPR is one of those that we all need to understand, regardless of how long and tiring it is.

Here is the Wikipedia definition of GDPR – “The General Data Protection Regulation (EU) 2016/679 (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas.”    

So what is the GDPR in simple words? Basically, the GDPR is legislation aimed at giving individuals control over their personal data. GDPR stands for General Data Protection Regulation, a law adopted in April 2016. It replaced the earlier Data Protection Directive (95/46/EC) and aims to harmonise data protection rules across the whole EU. The GDPR gave organisations two years to comply with the necessary changes; it became enforceable on 25 May 2018.

It has far-reaching consequences for large technology firms that operate around the world, such as Facebook Inc. (FB) and Alphabet Inc.'s Google (GOOGL), organisations that hold enormous amounts of user data and rely on it to generate their revenue.

What are the 7 main principles of the GDPR?

The GDPR sets out seven principles for the lawful processing of personal data. Processing includes the collection, organisation, structuring, storage, alteration, consultation, use, communication, combination, restriction, erasure, or destruction of personal data. Broadly, the seven principles are:

  1. Lawfulness, fairness, and transparency 
  2. Purpose limitation 
  3. Data minimization 
  4. Accuracy 
  5. Storage limitation 
  6. Integrity and confidentiality (security) 
  7. Accountability 

The principles are at the heart of the GDPR; they are the core values of the regulation and of compliant processing.

  1. Lawfulness, fairness, and transparency

The first principle, which you could call the main one, is arguably the most significant and emphasises complete transparency towards all EU data subjects. When data is collected, organisations must be clear about why it is being collected and how it will be used. If a data subject requests further information about the processing of their data, organisations are obliged to provide it in a timely manner. The collection, processing, and disclosure of data must all be carried out in line with the GDPR.

  2. Purpose limitation 

Organisations must have a specific and legitimate reason for collecting and processing personal data. The data must be used for the stated purpose and must not be processed for any other use unless the data subject has given their explicit consent. There is somewhat more flexibility for processing carried out for archiving purposes in the public interest, or for scientific, historical, or statistical purposes.

  3. Data minimization 

Under the GDPR, personal data must be “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.” This means that organisations should store only the minimum amount of data needed for their purpose. Organisations cannot simply collect personal data because it might be useful later. If they hold more data than is necessary, that processing is likely to be unlawful.

  4. Accuracy 

Personal data must be accurate, fit for purpose, and up to date. This means that organisations should regularly review the data they hold about individuals and erase or correct inaccurate data accordingly. Individuals have the right to request that inaccurate or incomplete data be erased or rectified, and the organisation must respond within one month. Keeping data accurate in this way helps improve compliance and ensures that business databases are correct and current.

  5. Storage limitation 

When you no longer need personal data for the purpose for which it was collected, it should be erased or destroyed unless there is a separate justification for keeping it. The GDPR does not state how long you should keep personal data. It is up to your organisation to decide this, based on the purposes of the processing. To ensure compliance, organisations should have a review process in place to manage the purging of databases. Although the general rule is that you cannot hold on to personal data for possible future use, there are exceptions for archiving, research, or statistical purposes.

  6. Integrity and Confidentiality 

This principle deals with security. Your organisation must ensure that appropriate measures are in place to protect the personal data you hold. This covers protection against internal threats, such as unauthorised use, accidental loss, or damage, as well as external threats, such as phishing, malware, or theft. Poor data security can compromise your systems and services as well as causing harm to individuals. There is no one-size-fits-all approach; the GDPR states that organisations must have appropriate levels of security in place to address the risks presented by their processing.

  7. Accountability 

The last principle, and one newly introduced by the GDPR, states that organisations must take responsibility for the data they hold and demonstrate compliance with the other principles. This means organisations must be able to show evidence of the steps they have taken to comply. This could include reviewing current practices, appointing a Data Protection Officer, creating an inventory of personal data, obtaining appropriate consent, and carrying out Data Protection Impact Assessments.


The seven principles of the GDPR provide organisations with a guide to how they can best handle personal data and achieve compliance with the GDPR.

While the data protection principles are similar to those found in the earlier Data Protection Directive (DPD), they are more detailed, to ensure higher levels of compliance and to account for advances in technology.

Failure to follow the principles may leave your organisation open to significant fines. The GDPR states that infringements of the basic principles for processing personal data are subject to the highest tier of fines. This could mean a fine of up to 4% of your annual global turnover or 20 million euros, whichever is higher. For any organisation operating worldwide, data security and protection is therefore a core part of the business.
