Lesson 4: The GDPR principles of data protection
- Notion 26 - The importance of the personal data processing principles
- Notion 27 - First GDPR principle: lawfulness, fairness, transparency
- Notion 28 - Second GDPR principle: purpose limitation
- Notion 29 - Third GDPR principle: data minimization
- Notion 30 - Fourth GDPR principle: accuracy
- Notion 31 - Fifth GDPR principle: storage limitation
- Notion 32 - Sixth GDPR principle: integrity and confidentiality.
- Notion 33 - Seventh GDPR principle: accountability
- Notion 34 - Review of the main concepts.
Notion 32
Sixth GDPR principle: integrity and confidentiality.
Target skills
Principle 6 - Integrity and Confidentiality (Security)
This principle states that personal data must be:
"processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures ('integrity and confidentiality')" [Wolford, B. 2018].
In simple terms, it is called a security principle because it is closely related to information security and the protection of information systems and networks (cybersecurity). As organisations sometimes handle sensitive (personal) information, those responsible for controlling data within the organisation need to ensure that security measures are in place to prevent data from being accidentally (or intentionally) compromised and causing harm to a third party.
For example, consider an organisation that backs up its systems and the personal data stored within them. It applies the "3-2-1" backup strategy, where three copies of the data are stored on different servers.
If the company is affected by a ransomware attack and there is a data loss, an individual's personal data could be at risk. With 3 backups, the company is able to restore the systems without major interruptions and without the loss of personal data.
If you would like to read in more detail about the GDPR's security provisions, you can find some additional information here:
(ICO, 2022). Security. ICO - Information Commissioner's Office. Retrieved from: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/security/