The GDPR is the thick protective layer that never goes out of style! It’s always there, looking after individuals’ interests and defending their rights. Hurrah! 

Right team: group into a huddle and get ready to grasp the nettle… here we go:

Thanks again for taking part in one of our training sessions on the General Data Protection Regulation.

So for our second training update, we’re reviewing the principles that underpin everything in the new data protection laws.

What are the ‘Data Protection Principles’?

The GDPR’s Principles (which you can find in Article 5 of the regulation) are:



Ensuring we have legal bases for our data processing, and that we’ve weighed our purposes against the interests, rights and freedoms of the individuals whose data we use (‘Data Subjects’).



Making sure we process personal data only for the specified reasons that we have communicated to the Data Subject (adding to the transparency principle above).



Making sure we only process what is necessary for our specified purposes and avoiding a ‘data lake’ of unnecessary information.



Taking steps to ensure data is collected accurately, kept up to date and that any inaccuracies are rectified.



Putting measures in place to ensure data is kept for no longer than necessary to complete the purposes we have specified.



Securing the data we hold and process, taking account of likely risks and implementing adequate measures to protect the data.



Taking responsibility for the company’s compliance with the data laws and keeping proper records to demonstrate our compliance.


It is important to keep these in mind as you undertake your duties, and if you feel that anything is incompatible with these principles, be sure to report it to your manager or another responsible person.

Similarly, if you have any suggestions to make – on how we can improve our processes to better meet these principles – please let us know!

Remember our helpful acronym – it’s all about keeping up S.T.A.N.Da.R.D.S:
