Data Protection Principles of the GDPR
- Processing must be lawful, fair, and transparent to the data subject.
- The data must be for a legitimate purpose specified to the data subject when it was collected.
- Collect only the minimum data necessary for the purposes specified.
- Personal data must be kept accurate and up-to-date.
- Personally identifying data should be stored only for as long as necessary for the specified purpose.
- Processing of data must be done in such a way as to ensure security, integrity, and confidentiality (e.g. by using encryption).
- The data controller is accountable for being able to demonstrate GDPR compliance with all these principles.
Who does the GDPR apply to?
Non-EU organizations must comply with the GDPR if they are offering goods and services via the internet. If a company is not in the EU but caters to EU customers, the company should be GDPR compliant.
If an organization uses web tools to track cookies or IP addresses of people who visit the website from EU countries, that organization must be GDPR compliant.
Who is exempt from GDPR regulations?
GDPR does not apply to personal or household activities, such as collecting email addresses of fellow workers to organize an event.
The second exception is for organizations with fewer than 250 employees. While smaller organizations must comply with GDPR, they are exempt from record-keeping obligations.
At Right-Hand, we recognize the importance of regulatory frameworks like GDPR. We provide organizations with the means to manage and deploy compliance across the entire workforce by training employees to understand the rules and apply them to their day-to-day activities.