GDPR Key Concepts and other facts you need to know…
6 GDPR Principles
Personal data shall be:
Processed lawfully, fairly and in a transparent manner (transparency).
Collected for specified, explicit and legitimate purposes (purpose limitation).
Adequate, relevant and limited to what is necessary (data minimisation).
Accurate and where necessary kept up to date (accuracy).
Retained only for as long as necessary (storage limitation).
Processed in an appropriate manner to maintain security (confidentiality and integrity).
There is a seventh principle in reality – accountability and governance.
“Not one cap fits all” and the words appropriate and proportionate abound in GDPR parlance. However, it should be recognised that, while it is all about privacy, it is not just about Confidentiality. The rights of the citizen include that data be accessible in the right format (Availability) and that it is maintained and accurate (Integrity).

It is worth noting that IL7 has a depth of experience in Risk Management and Accreditation Documentation Sets (RMADS) for both MOD and Central Government. For many organisations data security is about protecting operational viability and, with MOD, the physical security of its personnel and infrastructure. With the Police (IL7 spent 4 years with the Met Police and other forces, specialising in counter terrorism intelligence systems) it is the protection of information for operational and evidential purposes (as well as protecting their officers!). Within digital government and on-line services to the public, privacy is King. Yes, nobody wants downtime, but Data Loss Protection is more about citizens’ rights than the ability to wage war on the criminal or adversary.

The old RMADS no longer suits all situations and IL7 has developed a more privacy-centric risk management process that is appropriate to HMG, whilst it retains its capability to write RMADS based on CIA for operational and investigatory viability. T