What are the strategies for the 6 principles of GDPR?

Question 1

Lawfulness, fairness and transparency

Answer 1

• Set up a procedure so that the data subjects will be informed of what is going to be collected, the purpose, who it will be shared with and the retention periods, before information is collected.
• Privacy information should be concise, transparent, easily accessible and easily understandable.

Question 2

Purpose Limitation

Answer 2

• The organisation must register with the Information Commissioner’s Office.
• Data must not be used for any other reason than the one registered eg an organisation cannot use data for marketing purposes if it is registered to use it for research purposes only.

Question 3

Data Minimisation

Answer 3

• Create forms that only request core information.
• Do not store unnecessary data.

Question 4

Accuracy

Answer 4

• Issue data check forms annually (or more often).
• Confirm data with the subject if in doubt.
• Procedures for updating data should be in place.

Question 5

Storage Limitation

Answer 5

• Consider the information held and have valid reasons for holding the information for the time decided.
• Regularly review the data held, and erase or anonymise it when it is no longer needed.

Question 6

Integrity and Confidentiality

Answer 6

• Set up a read only access on a network for certain staff to prevent data being altered by mistake.
• Provide training to ensure staff follow saving and security procedures.
• Install password protection