We know that GDPR is unavoidable for businesses of every size and scope. We also know that the requirements are considerable, and at times they can even feel overwhelming.

Don’t worry. Help is out there in the battle to understand exactly how you and your business will navigate a smooth path towards compliance.

The underpinning principles of GDPR are an excellent starting point.

Each of the principles is worthy of a deep dive in its own right, but for now, let’s have a brief look at each. What they involve and how they can help you to process data safely, securely and legally.

Remember, these are set out at the start of the legislation itself to help organisations and the people who run them to make the decisions. They will also enable you to put the practices in place that will embody the spirit of good GDPR practices.

Processing data in a lawful, fair and transparent way

This principle may seem self-explanatory; it basically requires that the practices you use to collect data don’t break laws. This requires a sound working knowledge of GDPR to adhere to, though, to achieve the principle’s intended goals of ensuring nothing is hidden from data subjects, stating the type of data collected in your privacy policy and the reasons for its collection.

Purpose limitation

Data has to be collected for a pre-defined and specific purpose and only for as long as necessary for that same purpose.

Data minimisation

When it comes to personal data, only process that which you need.

Data accuracy

GDPR expects that every reasonable step is taken to ensure the accuracy of data. If that isn’t the case and processed data is inaccurate, then erasure or prompt rectification is vital. Individuals have the right to request it.

Storage limitation

Another important aspect of GDPR compliance relates to safely and securely delete data that is no longer needed. How do you know when that is the case?

When does a customer stop being a customer? When is data relating to a former employee, business partner or freelancer considered obsolete?

These are complex questions, and the answer will vary depending on an individual’s industry and the reasons for the data itself. To be sure, and allay any doubts, consult a professional.


Data must be processed in a way that guarantees its confidentiality and integrity. That includes things such as accidental loss, theft or partial destruction. This principle is intentionally vague to allow for changing technologies and evolving methods of best practice.

Many organisations look towards encryption, cloud-based services and staff training to fulfil these criteria.

All these principles should lay the foundation for the general data protection regime and always inform a solid GDPR policy.

As a certified Data Protection Officer, I can offer the help and support you need to ensure you and your business follow the principles underpinning GDPR compliance. You can send me a message, live chat or request a call any time. I’d love to help!

Try our quiz