Data processing principles under EU data protection law

There are seven data processing principles under EU data protection law: (1) Lawfulness, fairness and transparency; (2) purpose limitation; (3) data minimization; (4) accuracy; (5) storage limitation; (6) integrity and confidentiality; and (7) accountability.

The principles lie at the heart of the law and, although they don’t give hard and fast rules, they embody the spirit of the regulatory framework. Therefore, compliance with the principles is a fundamental building block to any good data protection practice.

(1) Lawfulness, fairness and transparency

For processing of personal data to be lawful, specific grounds for the processing (‘lawful basis’) must be identified. There are six main options with additional conditions for processing some especially sensitive types of data. If no lawful basis applies then the processing is unlawful and in breach of this principle.

In general, fairness means that processing must be done in ways that people would reasonably expect and not in ways that have unjustified adverse effects on them.

Transparency is fundamentally linked to fairness. Transparent processing means being clear, open and honest with people from the start about who you are and how you process data. Informing…