Page 10
Main changes in comparison with the current Data
Protection Directive:
• Data minimisation:
this principle, which aims
at limiting the amount of data collected for a
specific purpose, is reinforced by requiring the
collection to be limited to what is “
necessary
”
in relation to the purposes for which the data
is processed.
• Accountability:
controllers and processors
must be able to demonstrate compliance to
Data Protection Authorities by
keeping a record
of certain types of processing activities. Consent
is also subject to mandatory documentation
provisions.
• Transparency:
this principle is strengthened by
setting
mandatory information
to be displayed
and its format (clear and intelligible).
PART
02:
BASIC PRINCIPLES
The GDPR presents the basic principles that any data processing operation should follow.
“
Under our Data Protection
Policy, we have clearly
expressed and defined explicit data
retention guidelines and directives.
These have been designed so that
only the data we require to fulfil our
business requirements is retained,
and only for the duration that it is
used to fulfil the specific purpose for
which it was acquired”.
***
To address the specific requirements
of the GDPR, Improve Digital has
developed a new Data Protection
Policy: data categories have been
defined and implemented, clearly
segregating the organisation’s data
according to type and protection
requirements”.
--- Improve Digital
Lawfulness
Fairness
Transparency
Purpose
limitation
Data
minimisation
Accuracy
Storage
limitation
Integrity
Confidentiality
ACCOUNTABILITY