What Are the Seven Main Principles of the GDPR in England?

Running a company means you will inevitably receive and store important personal information. As such, your business must be aware of the principles regarding recording, storing and deleting this data. The General Data Protection Regulation (GDPR) provides organisations with data protection rules in England. This article will explain the seven guiding principles that underpin the GDPR to ensure your company is aware of its data protection requirements. Accordingly, your business can avoid unintentional breaches and subsequent fines.

Why is it Important to Comply With the GDPR?

The Information Commissioner’s Office (ICO) can investigate any business suspected of breaching the GDPR. The ICO focuses on business behaviour and will issue fines to non-complying businesses to deter other organisations from breaking data protection rules.

In fact, the ICO may issue hefty fines (of up to £17.5m) to companies breaching the GDPR. Therefore, your business must be aware of and comply with the seven GDPR principles.

1. Integrity and Confidentiality (Security of Data)

Your business must keep information safe and secure. To illustrate, some of the ICO’s largest fines (between £15m and £20m) relate to companies having inadequate security arrangements to guard against the theft of sensitive information. For example, you can minimise the risk of information theft by implementing sound security controls and anti-virus software and by encrypting sensitive data.


2. Accountability

Your company is responsible for any breach of data protection rules. Even unintentional breaches may lead to ICO fines. Accordingly, it is essential your company can demonstrate that it takes all possible steps to protect personal information.

3. Purpose Limitation

A business should only use personal information for the exact reason given for collection. This means that your company cannot obtain information from individuals for the stated reason of sending an electronic newsletter and then use it for a secondary purpose, such as cold calling individuals on their mobile.

4. Accuracy

The ICO believes it is vital that all data remains accurate. Therefore, your company should update its information rather than retain old, inaccurate information. For instance, you can implement policies requiring staff to notify you of any change of address and to re-confirm details with customers upon each purchase.

5. Data Minimisation

The GDPR advises that your company should only collect as much information as it needs. So, for example, if your business only needs a customer’s card details, full name and home address for online purchases, it should not ask for their date of birth or national insurance number.

6. Storage Limitation

Retaining information longer than necessary is a breach of data protection rules. So, if a customer provides card details for online purchases but has not ordered anything for three years, you should delete any card records on file. This also applies to employee records, which the business should destroy a certain period after the employee’s departure.

7. Lawfulness, Fairness and Transparency

While all seven principles are technically equal, lawfulness, fairness and transparency are essential to your business.

In summary, this principle involves your organisation:

  • only using the information in line with the GDPR rules;
  • acting transparently concerning the reasons for data collection and intended use;
  • dealing with requests from data subjects (the people you collect data from) fairly and reasonably;
  • guarding against accidental loss of data and acting in the public interest; and
  • reporting any data breach to the ICO within 72 hours. This includes any cyber-attacks against your company.

Key Takeaways

Overall, the seven principles of the GDPR encourage your company to handle and store personal data safely and be honest with individuals about the purpose of any data collection. Furthermore, it is essential to have appropriate security over digital and physical information, as any data theft due to inadequate protection may lead to an ICO fine.

If you need help with data protection principles and the safe processing of data, our experienced Data, Privacy and IT lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.

Frequently Asked Questions

What is the difference between electronic security and physical data security?

Physical data security focuses on securing the premises and keeping sensitive information in locked cabinets or secure rooms. In contrast, electronic security focuses on having strong passwords, anti-virus software and firewalls.

How does my company safely delete data?

If the information is on paper, your business can destroy data by shredding documents and using a reputable rubbish disposal company. If you wish to delete digital information, you should use specialist deletion software that ensures someone cannot recover it. You should also delete any backup data on your IT system.

Thomas Sutherland
