Lesson 4The GDPR principles of data protection

Notion 32

Sixth GDPR principle: integrity and confidentiality.

Target skills

Learn what is integrity and confidentiality principle of GDPR.

Principle 6 - Integrity and Confidentiality (Security)

This principle states that personal data must be:
"processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures ('integrity and confidentiality')" [Wolford, B. 2018].

In simple terms, it is called a security principle because it is closely related to information security and the protection of information systems and networks (cybersecurity). As organisations sometimes handle sensitive (personal) information, those responsible for controlling data within the organisation need to ensure that security measures are in place to prevent data from being accidentally (or intentionally) compromised and causing harm to a third party.

For example, an organisation backing up its systems and the personal data stored within them. It applies the "3-2-1' backup strategy, where three copies of the data are stored on different servers.

If the company is affected by a ransomware attack and there is a data loss, an individual's personal data could be at risk. With 3 backups, the company is able to restore the systems without major interruptions and without the loss of personal data.

If you would like to read in more detail about the GDRP's security provisions, you can find some additional information here
(ICO, 2022). Security. ICO - Information Commissioner's Office. Retrieved from: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/security/