Within the Data Protection industry, its subsets and related professions, there are eight key data protection principles which everyone needs to know. These principles form the basis and framework for working with information – i.e. the storage, use, processing, obtaining, manipulation and retrieval of information.
The general aim of the eight data protection principles – which are also applicable in many countries’ national laws – is to ensure that information, in particular personal data, is processed lawfully, at all times, in all circumstances, by anyone holding such data, particularly organisations.
The Eight Major Data Protection Principles are outlined below:
Principle 1: Personal data must be processed fairly and lawfully. In order for data to be classified as ‘fairly processed’, at least one of the following six conditions must be met:
1) The data subject (i.e. the person whose data is stored) has consented (i.e. given their permission) to the processing of their personal data;
2) The processing of the personal data is necessary for the performance of, or commencement of, a contract;
3) The processing of the personal data is required under a legal obligation (other than one which has been stated in a contract);
4) The processing of the personal data is necessary to protect the vital interests of the data subject;
5) The processing of the personal data is necessary to carry out any public (or statutory) functions;
6) The processing of the personal data is needed to pursue the legitimate interests of the “data controller” or “third parties” (unless it unjustifiably prejudices the interests of the data subject).
As such, personal data cannot be legally processed unless at least one of the six conditions listed above is met.
Principle 2: Personal data must only be obtained for specified, lawful purposes, and shall not be processed in any manner incompatible with the purpose for which it was obtained.
Principle 3: Any personal data obtained should be adequate, relevant and not excessive in relation to the purpose, or purposes, for which they are processed.
Principle 4: Any personal data obtained must be accurate and, where necessary, kept up to date.
Principle 5: The personal data processed for any purpose shall not be kept for longer than is necessary for the purpose for which it was processed.
Principle 6: Any personal data processed must be processed in accordance with the rights of the individual data subjects concerned.
Principle 7: Organisations must take appropriate technical and organisational protection measures against the unauthorised (or unlawful) processing of any personal data, and also against the accidental loss or destruction of, or damage to, personal data.
Principle 8: Personal data should not be transferred to another country unless that country provides an adequate level of protection for the rights and freedoms of the data subjects, in relation to the storage, processing and use of their personal data.
These eight data protection principles (which I have outlined above) have been enshrined, and encoded, into the Data Protection legislation of many countries and jurisdictions around the world.
As such, these eight data protection principles have a significant global governance importance, which all organisations and their employees need to observe when carrying out their duties and functions.
TO BE CONTINUED – Copyright: Daniel Obiago, 2017