EC-Council: Computer Hacking Forensic Investigator (CHFI-V10)
Module 1: Computer Forensics in Today's World
         

General Data Protection Regulation (GDPR)




The EU General Data Protection Regulation (GDPR) is the strongest privacy and security law in the world. This regulation updated and modernised the principles of the 1995 Data Protection Directive. It was adopted in 2016 and entered into application on 25 May 2018. One of the purposes of the General Data Protection Regulation (GDPR) is to protect individuals’ fundamental rights and freedoms, particularly their right to protection of their personal data.

The principles are largely the same as those that existed under previous data protection laws. GDPR’s seven principles are: lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality (security); and accountability.

Article 32: Technical and organizational measures need to provide the following:
▪ The pseudonymization and encryption of personal data
▪ The ability to ensure ongoing confidentiality, integrity, availability, and resilience of processing systems and services
▪ The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
▪ A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

Article 33(1): “In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.”

