
The 8 Golden Rules of Data Protection

Paul-Emmanuel Bidault
27 December 2023·4 minutes read time

Every processing of personal data must comply with certain conditions: these are the 8 golden rules of privacy and personal data protection. In this article, these 8 golden rules are described and explained, and correspond to 8 practical sheets that Dastra has made available to you.

Four good habits cover most of what the GDPR requires in this area:

  • Only collect data that is really necessary
  • Be transparent with all your stakeholders
  • Think about people's rights, such as rights of access, erasure, or rectification
  • Secure your data

Enjoy your reading!

1. Lawfulness of processing (Article 6 of the GDPR)

Processing is lawful only if, and insofar as, at least one of the following 6 conditions is met:

▶ The data subject has given consent to the processing of their personal data for one or more specific purposes;

▶ The processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures taken at the data subject's request;

▶ The processing is necessary for compliance with a legal obligation to which the controller is subject;

▶ Processing is necessary in order to protect the vital interests of the data subject or of another natural person;

▶ Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

▶ The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data prevail, in particular where the data subject is a child. See our guide to assessing legitimate interests.

Find out how to manage the legal basis in the Dastra App.

2. Purpose of processing (Article 5(1)(b) of the GDPR)

Personal data may only be collected for purposes that are:

  • Determined, i.e. specific and fixed before collection
  • Explicit, i.e. stated clearly to the data subject
  • Legitimate, i.e. compatible with the law and with what the data subject can reasonably expect

The purpose of processing is the reason for using personal data. Data is collected for a well-defined and legitimate purpose and is not further processed in a way incompatible with that initial purpose. This purpose principle limits the way in which the data controller may use or re-use the data in the future.

3. Minimisation of data (Article 5(1)(c) of the GDPR)

Only data that is adequate, relevant and strictly necessary to achieve the purpose may be collected and processed. If the purpose can be met without a given field, that field should not be collected.

4. Special protection for sensitive data (Article 9 of the GDPR)

Special categories of personal data (racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data used to uniquely identify a person, health data, and data concerning sex life or sexual orientation) may in principle not be processed at all. They may only be collected and processed where one of the exceptions listed in Article 9(2) applies, for example the explicit consent of the data subject for a specified purpose.

5. Limited retention of data (Article 5(1)(e) of the GDPR)

As soon as the purpose for which they were collected has been achieved, data must be one of the following:

  • Archived (intermediate archiving, with access restricted to the people who need it, for example to meet a legal obligation or to defend a claim)
  • Deleted
  • Anonymised, so that the data no longer relates to an identifiable person

In all cases, a retention period must be defined for each purpose before the data is collected, and it must actually be applied: a period that exists only on paper does not satisfy the principle.
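The following is an added example, not Dastra's code or a feature of the Dastra App. It shows one way to turn "a retention period must be defined and applied" into something that can be run against a data store: each purpose gets a rule (active period, then archive, anonymise or delete), every record is classified against today's date, and a record whose purpose has no rule is reported as a policy gap instead of being silently kept. The purposes, periods, identifier list and records are constructed for illustration and are not legal guidance.

```python
"""Retention policy check: for each record, decide whether its retention
period has expired and which end-of-life action the policy requires.
Added example with constructed data; the periods below are illustrative."""
from dataclasses import dataclass, replace
from datetime import date
from typing import Literal

Action = Literal["keep", "archive", "anonymise", "delete"]


@dataclass(frozen=True)
class RetentionRule:
    active_days: int        # how long the data is needed for its purpose
    end_action: Action      # what happens once the active period ends
    archive_days: int = 0   # for "archive": how long the restricted-access
                            # archive is kept before the data is finally deleted


@dataclass(frozen=True)
class Record:
    record_id: str
    purpose: str
    collected_on: date
    fields: dict


# Direct identifiers stripped when a record is anonymised (illustrative set).
DIRECT_IDENTIFIERS = frozenset({"name", "email", "phone", "ip_address"})

# Illustrative policy keyed by purpose (assumed values, not legal advice).
SAMPLE_RULES = {
    "prospect_contact": RetentionRule(active_days=3 * 365, end_action="delete"),
    "invoice": RetentionRule(active_days=365, end_action="archive", archive_days=10 * 365),
    "web_analytics": RetentionRule(active_days=13 * 30, end_action="anonymise"),
}

# Constructed sample records; "crm_export" deliberately has no rule.
TODAY = date(2024, 1, 15)
SAMPLE_RECORDS = [
    Record("r1", "prospect_contact", date(2021, 1, 1), {"name": "A. Martin", "email": "a.martin@example.org"}),
    Record("r2", "prospect_contact", date(2023, 6, 1), {"name": "B. Dupont", "email": "b.dupont@example.org"}),
    Record("r3", "invoice", date(2020, 3, 1), {"name": "C. Leroy", "amount": "120.00"}),
    Record("r4", "web_analytics", date(2022, 10, 1), {"ip_address": "203.0.113.7", "page": "/pricing"}),
    Record("r5", "crm_export", date(2023, 1, 1), {"name": "D. Bernard"}),
]


def decide(record: Record, rule: RetentionRule, today: date) -> Action:
    """Return the action the policy requires for this record today."""
    age = (today - record.collected_on).days
    if age < rule.active_days:
        return "keep"
    if rule.end_action != "archive":
        return rule.end_action
    # Intermediate archiving: restricted access, then deletion when it ends.
    if age < rule.active_days + rule.archive_days:
        return "archive"
    return "delete"


def anonymise(record: Record) -> Record:
    """Drop direct identifiers so the record no longer relates to an identifiable person."""
    kept = {k: v for k, v in record.fields.items() if k not in DIRECT_IDENTIFIERS}
    return replace(record, fields=kept)


def apply_retention(records, rules, today) -> dict:
    """Group record ids by required action. A purpose with no rule is a
    policy gap and is reported under "undefined" rather than kept silently."""
    plan = {"keep": [], "archive": [], "anonymise": [], "delete": [], "undefined": []}
    for rec in records:
        rule = rules.get(rec.purpose)
        if rule is None:
            plan["undefined"].append(rec.record_id)
            continue
        plan[decide(rec, rule, today)].append(rec.record_id)
    return plan


def demo() -> dict:
    """Run the sample policy against the sample records as of TODAY."""
    return apply_retention(SAMPLE_RECORDS, SAMPLE_RULES, TODAY)


if __name__ == "__main__":
    for action, ids in demo().items():
        print(f"{action:10s} {ids}")
```

In a real deployment the record list would come from the data store, the rules from the processing register, and the "undefined" bucket would be treated as a finding to fix in the register, not as data to keep.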

6. Security obligation (Articles 5(1)(f) and 32 of the GDPR)

Technical and organisational security measures, appropriate to the risk, must be implemented to:

  • Prevent security breaches, whether accidental or malicious (loss, alteration, unauthorised access or disclosure)
  • Ensure the confidentiality, integrity and availability of the data processed; Article 32 cites pseudonymisation and encryption as examples of such measures

7. Transparency (Articles 12 to 14 of the GDPR)

Data subjects must be informed, in clear and plain language, about who processes their data, for what purposes and on what legal basis, for how long, who receives it, and how they can exercise their rights.

8. Individuals' rights (Articles 15 to 22 of the GDPR)

Data subjects have numerous rights that allow them to retain control over their data:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to object
  • Right to data portability
  • Right to restriction of processing
  • Right to define the fate of data after death (a right provided for by French law, Article 85 of the Loi Informatique et Libertés, rather than by the GDPR itself)
  • Right not to be subject to a decision based solely on automated processing, including profiling

These 8 golden rules are a guarantee of legal certainty for data controllers and a factor of transparency and trust for data subjects.
