The key principles of GDPR

April 4th, 2018
What’s expected of your business under GDPR?

Businesses will now need to become more considerate and must facilitate the rights of an EU citizen. This means that, as a business, you must have the appropriate processes in place to deal with data requests efficiently. If a 30-day deadline passes without the request being completed, you will be in breach of GDPR and may face a penalty from the ICO.

Best practice for businesses will be to begin embedding systems and practices into their business now, to ensure that they can cope with the new regulatory conditions that data subjects may impose on them through use of GDPR rights.

Another best practice for businesses will be to invest in staff training to ensure that staff are able to deal with any requests regarding information promptly. It would also be useful for your business to train them on how they can be GDPR compliant. The business will ultimately be at fault as opposed to an individual within the organisation should a breach of regulation occur.

This will also help your staff to know what to do in the event of a cyber-attack and how best to deal with it. The higher the risk of the data that a business holds, the higher the fine that it can face. So, having staff who are able to deal with issues quickly and abide by the correct protocols will mean that the business is looked at by the ICO in a more favourable way than if you don’t know how to respond to a data breach.


The six key principles

There are six key principles for data that businesses must remember and that will help you to improve your business’s GDPR compliance. The principles are as follows:

  • Data must be processed lawfully, fairly and in a transparent manner,
  • Data must be collected for specified, explicit and legitimate purposes,
  • Data must be adequate, relevant, and limited to what is necessary,
  • Data must be accurate and, where necessary, kept up to date,
  • Data must be retained only for as long as necessary,
  • Data must be processed in an appropriate manner to maintain security.


A business that uses these six principles and understands the rights of EU data subjects won’t go too far wrong with GDPR and should avoid any major breaches of GDPR from a data subject’s point of view.

