Principles for the Processing of Personal Data under the General Data Protection Regulation

Every day, you need to provide personal information in order to go on with your daily activities. The solution is not to stop providing data to keep yourself safe of unauthorised or unlawful processing, but to take all the reasonable steps to ensure safety. The following questions that you should ask before providing your data to ensure that nothing is left to chance when it comes to protecting your privacy and personal data: 1) Who is asking for your data? 2) What data has been requested? 3) How will the data be processed? 4) For how long will the data be retained?

Article 5 of the General Data Protection Regulation (GDPR)

The principles are set in article 5 of the General Data Protection Regulation (GDPR) and enshrined thorough all the Regulation, and they apply to every personal data processing activity. As the cornerstone of the Regulation, they should be kept in mind when interpreting the rights and duties established in the General Data Protection Regulation (GDPR). 


Process personal data only when there is aan appropriate legal basis or legislative measure undr the General Data Protection Regulation (GDPR), EU or Member State Law. 


Taking into account the specific circumstances and context in which the personal data is processed, provide all the information necessary to ensure fairness and transparent processing. 


Ensure that all risk, rules, safeguards, and rights concerning the processing are informed to the data subject in a concise easily accessible and easy to understand manner. 


Personal Data may only be collected for specific (defined), explicit (clear) and legitimate purposes (legal basis) determined up-front and, be processed in a manner compatible with it. (Art. 6 (4) an 89 (1) GDPR). 


Process personal data only when it is adequate (appropriate), relevant (pertinent) and limited to what is necessary for the purposes for which they are processed (not excessive). Focus on storage limit. 


Take every reasonable step to ensure that personal data are accurate and up to date concerning for which they are processed. 

Storage Limit

Keep the personal data as far as necessary to identify the data subjects for the purposes established; otherwise, should be erased (Art. 89 (1) GDPR). 

Integrity and Confidentiality

Integrity and Confidentiality to process personal data in a manner that ensures appropriate security, protection against unauthorised or unlawful processing and accidental loss, destruction or damage. 


Accountability refers to the duty to comply with the principles and be able to demonstrate that processing is performed in accordance with them.

Previous Story

Who is the Data Processor (DP) and what are its responsibilities under the General Data Protection Regulation

Next Story


Latest from Data Protection


VAN LEEUWEN LAW FIRM helps its clients to design a clear process in order to proactively…

Privacy at Work

VAN LEEUWEN LAW FIRM assists its clients in implementing global data protection agreements as well as…