Principles of data protection

There are 7 principles set out in Article 5 of the Applied GDPR -

6 principles which apply to the processing of personal data: 

  1. Lawfulness, fairness and transparency
  2. Purpose limitation
  3. Data minimisation
  4. Accuracy
  5. Storage limitation
  6. Integrity and confidentiality

together with the overarching principle of 'accountability' which requires a controller to demonstrate compliance with the personal data processing principles. This includes the implementation of appropriate data protection policies under the responsibility of the controller set out in Article 24 of the Applied GDPR.

Infringement of the principles is subject to a fine of up to £1,000,000.

Please see the "Closer Look" guidance on the principles below.