Lesson 4The GDPR principles of data protection
- Notion 26 - The importance of the personal data processing principles
- Notion 27 - First GDPR principe: lawfulness, fairness, transparency
- Notion 28 - Second GDPR principle: purpose limitation
- Notion 29 - Third GDPR principle: data minimization
- Notion 30 - Fourth GDPR principle: accuracy
- Notion 31 - Fifth GDPR principle: storage limitation
- Notion 32 - Sixth GDPR principle: integrity and confidentiality.
- Notion 33 - Seventh GDPR principle: accountability
- Notion 34 - Review of the main concepts.
Notion 28
Second GDPR principle: purpose limitation
Target skills
Principle 2 - Purpose limitation
By purpose limitation we mean that anyone collecting personal data is obliged to state explicitly how and for what purpose it is to be processed. To this end, the individuals whose data is collected sign a consent which the organisations or companies collecting the data cannot change. Should the purpose be changed, a new consent must be signed.
If further processing is possible:
Suppose you have consented to receive information from your bank by email so that it can offer you new products (e.g. a loan), then the bank can use your personal data. In this case, this processing would be possible because the purpose for which you originally provided your personal data is compatible with the new purpose (to offer you a better product).
If further processing is NOT possible:
Let us take the example with the bank again. This time, imagine that the bank wants to share your personal data with different insurance companies (companies it has partnered with) so that they can offer you insurance products. Using the data from the contract you signed for your bank account would be illegal. In this case, the purpose is quite different from the one for which you signed the contract and therefore it would not be possible for the bank to share your data without your consent. If it did so, it would be in breach of the principle.