the 7 Data Processing Principles (art 5)
Lawfulness, fairness & transparency
Lawfulness:
PData must only be processed when C has 1 of the 6 lawful bases for processing the D
Fairness:
DSubjs must be aware of the fact that their PData will be processed.
They should know how the D will be used, stored, & collected.
so they can make an informed decision about whether or not they want their data to be used
if they do not agree to have their data used, they should be able to use their DSRs
Processing should not negatively affect the data subjects.
Transparency:
C must be open & clear towards DSubjs when processing PData.
-They should be notified regarding how their D is processed.
Accountability
-C must process responsibly by complying with all relevant laws.
-& must be able to demonstrate compliance with the laws.
storage limitation
-D must not be kept longer than necessary for the purposes for which it is collected.
-C must verify whether statutory data retention periods exist in relation to the type of processing.
Eg. personal processing data may be needed for the recruitment process and during the employment relationship. Once the recruitment process ends, C must not keep the PData of unsuccessful candidates any longer.
Exception:
D collected for archiving, scientific, historical or statistical purposes
purpose limitation
-C must only collect + process D to accomplish specified, explicit & legitimate purposes
-C should not process D for any other reason
unless the new purpose is compatible with the original purpose
In case of further processing, the Compatibility test is to be applied by taking into account:
Nature of processing
Purpose of processing
(A link must be established between the original purpose of processing and the new purpose of further processing)
Method of collection for data
Consequences of further processing
Existence of security safeguards
If the new use of data is compatible with the original purpose, then a new legal basis is not required. But if the new use is incompatible, then a separate legal ground is needed (e.g. consent of the data subject before starting the processing of data for a new purpose), or the processing must satisfy one of the other available legal criteria to justify it.
Purpose can be extended for Statistical purposes, Public Interest and Scientific or Historical purposes.
data minimisation
-C must collect and process personal data that is relevant, necessary & adequate to accomplish the purposes for which it is processed
-D should be directly relevant and necessary to accomplish the specific purpose.
-Based on the principle of Necessity and Proportionality
Eg. collecting a large amount of excessive D in relation to the purposes that the C aims to accomplish & without any restrictions will be considered disproportionate.
-Therefore, a 'save-everything' approach will likely be considered a breach of the data minimisation principle
-Also, excessive or disproportionate processing may include using biometric data (e.g., fingerprints) to identify individuals where alternative and less intrusive means could be used to accomplish the same purpose (e.g., identity cards)
integrity & confidentiality
-Appropriate security during the processing of data to protect against unauthorised or unlawful processing
-& against accidental loss, destruction, or damage, using technical or organisational measures
data quality & accuracy
C must take reasonable measures to ensure that D is accurate & where necessary kept up-to-date
Exceptions:
D collected for Statistical and Historical purposes
Processing: any operation performed upon personal data