Want to watch this video? Sign up for the course here. Or enter your email below to watch one free video.

Unlock This Video Now for FREE

This video is normally available to paying customers.
You may unlock this video for FREE. Enter your email address for instant access AND to receive ongoing updates and special discounts related to this topic.

The Principles in relation to processing data have changed under GDPR, the most obvious of which being a change in an individual’s rights. These rights have been expanded and are now dealt with separately. There are also separate provisions for international transfers.

The principles form the foundation for the GDPR and are key to your compliance, if you don’t understand them or comply with them you could leave yourself open to substantial fines.

Before you make any decisions regarding how you process data, you should always refer to the principles and put yourself in the data subject’s place.

Whether or not you need to formally document your processing activities under GDPR depends on the size of your organisation and your processing activities. Many small businesses are not required to do so, but to be sure you should check on the information commissioners website.

In our experience, creating a mapping document and listing the types of data we process, identifying where it came from, why we process it, our lawful basis for the processing, how long we retain the information for and who we share it with, has been very useful in helping us to ensure compliance and review the data we process.

A spreadsheet to help you to create your data inventory is available in our download area, along with checklists and other useful information.