Page 10

Main changes in comparison with the current Data

Protection Directive:

• Data minimisation:

this principle, which aims

at limiting the amount of data collected for a

specific purpose, is reinforced by requiring the

collection to be limited to what is “

necessary

”

in relation to the purposes for which the data

is processed.

• Accountability:

controllers and processors

must be able to demonstrate compliance to

Data Protection Authorities by

keeping a record

of certain types of processing activities. Consent

is also subject to mandatory documentation

provisions.

• Transparency:

this principle is strengthened by

setting

mandatory information

to be displayed

and its format (clear and intelligible).

PART

02:

BASIC PRINCIPLES

The GDPR presents the basic principles that any data processing operation should follow.

“

Under our Data Protection

Policy, we have clearly

expressed and defined explicit data

retention guidelines and directives.

These have been designed so that

only the data we require to fulfil our

business requirements is retained,

and only for the duration that it is

used to fulfil the specific purpose for

which it was acquired”.

***

To address the specific requirements

of the GDPR, Improve Digital has

developed a new Data Protection

Policy: data categories have been

defined and implemented, clearly

segregating the organisation’s data

according to type and protection

requirements”.

--- Improve Digital

Lawfulness

Fairness

Transparency

Purpose

limitation

Data

minimisation

Accuracy

Storage

limitation

Integrity

Confidentiality

ACCOUNTABILITY