
Principles and conditions for data processing

The GDPR defines seven key principles that must be strictly complied with in data processing:

  1. Data must be processed lawfully, fairly and in a transparent manner.
  2. Data may only be processed for specified, explicit and legitimate purposes.
  3. The processing of data must be limited to what is strictly necessary.
  4. Data must be accurate and up to date.
  5. Personal data must be kept in a form which permits identification of the data subjects only for as long as is necessary for the purposes for which they are processed.
  6. Personal data must be protected against unauthorised processing and against accidental loss or damage by suitable technical (e.g. backups) and organisational measures (e.g. access authorisations).
  7. The controller must be able to prove compliance with the data protection principles.

Important

Violations of these principles are likely to result in maximum penalties.

Did you know that the processing of personal data is prohibited in general, unless specific conditions are met? For non-sensitive personal data the GDPR provides a total of six lawful bases for processing:

  1. Processing is necessary to fulfil a contract – e.g. processing of customer address data for online purchases
  2. Processing is necessary to satisfy a legal obligation – e.g. employer’s duty to record working time
  3. Processing is needed to protect someone’s life – e.g. in the event of epidemics or natural disasters
  4. Personal data are processed to carry out specific tasks in the interest of the public or in the exercise of official authority which are laid down by law – e.g. in the context of police queries
  5. Processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests – e.g. video surveillance of the company premises to protect against burglary
  6. Consent of the individual concerned – e.g. by signing or ticking a box on a website.

If consent is to be used as the lawful basis, certain requirements must be met and the age of the data subject must also be taken into account.

Important

Declarations of consent can be revoked by the persons concerned at any time!

In the case of persons who have not yet reached the age of 16, the consent of their parent or legal guardian is required. A lower age threshold for obtaining parental consent may be established by EU member states but this will not be below the age of 13.

Special requirements apply to the processing of sensitive data. Data processing is only permitted in very specific exceptional cases, e.g. where vital interests are at stake in the event of an accident, or if the personal data have obviously been published by the data subject.
