GDPR: what are the basic principles?
The General Data Protection Regulation (GDPR) is based on six basic principles that you must take into account when processing personal data.
Basic principles
1. Lawfulness, fairness and transparency
You are obliged to process personal data in a transparent manner with respect for all applicable laws, regulations and rules.
2. Purpose limitation (finality and proportionality)
You may only process personal data for the purpose of your research, and the processing must be reasonable and proportionate to the purpose of your research.
3. Data minimisation
You may only use the personal data necessary to achieve the objectives of your research.
4. Accuracy
The personal data that you process must be accurate.
5. Storage limitation
The personal data that you process may not be kept longer than necessary for your current research or for possible further analyses of the data.
6. Confidentiality and integrity
As a researcher you must handle personal data confidentially and take appropriate measures to guarantee the confidentiality and integrity of the data.
Accountability
The general principle of accountability also applies in this context.
For this, it is important to ask yourself the following questions: at the start of my research, did I thoroughly consider and document the privacy aspects of my research, and am I able to demonstrate that I have actively taken responsibility for processing personal data in a secure manner?
More information
More tips
- GDPR: how am I transparent to data subjects in my research? (Integrity in science)
- GDPR: how can I ensure that the processing of personal data is lawful? (Integrity in science)
- GDPR: how do I register personal data processing activities? (Integrity in science)
- GDPR: how long can research data containing personal data be stored? (Integrity in science)
- GDPR: what are personal data? (Integrity in science)
- GDPR: what are the different roles and responsibilities according to the GDPR? (Integrity in science)
- GDPR: what has changed with regard to the previous privacy legislation? (Integrity in science)
- GDPR: what information should I include in an informed consent form when the processing of personal data is based on the consent of the data subjects? (Integrity in science)
- GDPR: what is the General Data Protection Regulation? (Integrity in science)
- GDPR: what rights do data subjects have, how do I respect them and what exceptions may apply to research? (Integrity in science)
- GDPR: what should I do in the event of further/secondary processing of personal data? (Integrity in science)
- GDPR: what should I keep in mind when designing my research? (Integrity in science)
- GDPR: what should I keep in mind when processing special categories of personal data? (Integrity in science)
- GDPR: When am I processing high-risk personal data and when do I need to conduct a DPIA? (Integrity in science)
- GDPR: when does it apply to my research? (Integrity in science)
- GDPR: who are considered as vulnerable persons? (Integrity in science)
- GDPR: why is it important to comply with this legislation? (Integrity in science)
Translated tip
Last modified March 30, 2020, 1:34 p.m.