Data is so sensitive in all countries that most governments heavily punish invasions of data privacy. Companies have to comply with the General Data Protection Regulation laid down by the government.
There are 8 main principles that companies have to abide by when it comes to handling data.
Fair and lawful
Companies have to be fair and ensure they have the right permission to collect data. For example, if a personal identification number is being collected, everyone involved has to provide this type of information.
This principle also covers the permissions needed to modify the data provided. Some data handling companies could choose to edit data, for example by deleting or changing it, without the consent of the owner. This is an offense and is punishable by law.
Specific for its purpose
Has your data been misused before? For example, was your work email used for product promotion? This is a wrong use of the data gathered. One of the principles of data protection is that data should be used for a specific purpose unless otherwise allowed by the owner.
Be adequate and for only what is needed
Some companies collect more information than is needed. Adequate information means that only what is needed at the moment is gathered. If you need contact information, then contact numbers should be collected and not any other data.
Accurate and up to date
It is normal for people's information to change. For example, people move from one location to another or from one job to another. It is up to the company that handles the data to update the information provided by its clients.
The information should also be correct and free of errors.
Not kept longer than needed
Information that has already met its purpose should be deleted. This is to avoid the temptation of using data gathered for purposes other than the intended one.
Take into account people’s rights
Companies should realize that data owners have the right over any modifications made. Consent and agreement should be reached before any modifications. Clients prefer having evidence, so a voice recording, video, or written form shows that a company has the right over the data provided.
Kept safe and secure
Companies should secure the data provided to avoid destruction, modification, or loss. Note that if the information is modified and the owner has not granted permission, whether ethically or unethically, this act is punishable by law.
Such companies need to train their staff on how to handle data and what action to take in case of data insecurity.
Not to be transferred outside the EEA
Data should not be shared with regions that are not registered under the European Economic Area. The main reason for this principle is to ensure data is handled under developed acts. Such acts include charges to be an aid for data transfers, how data should be handled, and what actions should be taken in case there is a breach in data.
In conclusion, the principles of data protection apply to data being handled, depending on the company collecting the data or the purpose of the data collected. Learn more about the principles of data privacy at ethyca.com/fides/.