Internet users concerned with consumer privacy should understand the principles of the Data Protection Act. Understanding the data protection rights of individuals can protect you from unlawful processing and confidentiality breaches. Luckily, the seven fundamental principles are easy to explain in plain English. So, stick around to learn how many data protection principles there are.
Insider Tip: You can contact a company’s data controller to erase your information or receive detailed documentation of your data.
The UK General Data Protection Regulation (GDPR) Act outlines the rights, key principles, and requirements for personal data processing in the UK. This data protection law follows guidelines similar to the protection policies of the EU’s GDPR. The seven principles of the GDPR outline how a company collects user data for legitimate purposes.
A company must have a legitimate and useful reason for collecting user data. The GDPR defines this as lawfulness. Additionally, companies must be fair about how they collect the data, so individuals must know what personal data is being gathered and why. Lastly, companies must be transparent about what information they have and why they have it.
Companies must have a specific and legitimate reason for collecting user data. Additionally, a business must ask for user consent each time it goes beyond the initial purpose of the collected data.
A company should only collect necessary data for a specific task. For example, if you subscribe to a text service, a company should only collect your phone number, not your home address or email.
The data a company collects must be accurate, and the company must delete incomplete or inaccurate information. Companies must schedule regular audits to double-check their information.
The GDPR makes companies specify the amount of time they store each piece of data in their database. Companies must set a storage limitation policy and anonymize information that falls outside of that timeframe.
Companies must keep collected data safe from unauthorized access, theft, and confidentiality leaks. The collected data must remain protected from destruction, loss, or damage.
Warning: American companies that operate in the UK or EU must get explicit consent for compliant data collection purposes.
Companies must provide evidence of consent and a legal basis for processing data. The accountability principle ensures that companies have a paper trail for regulators and supervising authorities.
STAT: A 2019 Pew Research Center poll showed that 62% of Americans did not think it was possible to go through daily life without personal data processing activity from corporations or the government.