Understanding GDPR Principles for Data Processing

Changes in Data Processing Principles under GDPR

The General Data Protection Regulation (GDPR) has introduced changes to the principles governing data processing, notably expanding individuals' rights and introducing separate provisions for international transfers.

Importance of GDPR Principles

The GDPR principles serve as the cornerstone for compliance, and understanding and adhering to them are crucial to avoid potential substantial fines.

Consideration of Data Subjects' Rights

Before making any decisions regarding data processing, it's essential to refer to the GDPR principles and consider the perspective of the data subject.

Documentation of Processing Activities

Whether formal documentation of processing activities under GDPR is necessary depends on the size of the organisation and its processing activities. While many small businesses may not be obligated to do so, it's advisable to verify this information on the Information Commissioner's website.

In our experience, creating a mapping document detailing the types of data processed, its source, purpose of processing, lawful basis, retention period, and sharing details has been instrumental in ensuring compliance and facilitating data review.

Data Inventory Spreadsheet

A downloadable spreadsheet to assist in creating a data inventory is available in our download area, alongside checklists and other valuable resources.