The basic principles of the General Data Privacy Regulation state that the collection of personal data shall be done lawfully, fairly and in a transparent manner. It must be for a specified, explicit and legitimate purpose. It must be adequate, relevant, limited, accurate, with 'storage limitation' and in a manner that ensures appropriate security of the personal data.
As GDPRtoons cleverly illustrated, a Controller and/or Processor has the responsibility of balancing six basic principles involving the collection of personal data, all while being able to demonstrate compliance.
No comments:
Post a Comment