What does the ‘security principle’ (aka “Integrity and confidentiality”) mean under EU Data Protection law?

‘Tell me a secret’ — Postcard — Produced before 1910

There are seven basic data protection principles under EU data protection law. The principles lie at the heart of the law and, although they don’t give hard and fast rules, they embody the spirit of the regulatory framework. Therefore, compliance with the principles is a fundamental building block to any good data protection practice. The seven principles are:

1. Lawfulness, fairness and transparency
2. Purpose limitation
3. Data minimization
4. Accuracy
5. Storage limitation
6. Integrity and confidentiality (security)
7. Accountability

The sixth principle is the principle of “integrity and confidentiality” (GDPR Article 5 (1) (f)).

Article 5 of GDPR

(1)Personal data shall be:

(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using…