Alis Advocaten - News

Ten commandments from the GDPR

01. GDPR requires prior legitimate purpose (Article 5/1 / a)

Personal data is collected for clearly defined purposes and must be lawfully processed.


02. GDPR limits the reuse of data (Article 5/1 / b)

After processing, personal data may not be further processed in a manner incompatible with those purposes.


03. GDPR underlines data minimization (Article 5/1 / c)

Personal data must be adequate and limited to what is necessary for the purposes for which it is processed.


04. GDPR requires data accuracy (Article 5/1 / d)

Personal data must be correct and, if necessary, updated.


05. GDPR limits data storage (Article 5/1 / e)

Personal data must be stored in a form that makes it possible to identify the data subjects no longer than is necessary for the purposes for which they are stored.


06. GDPR requires confidentiality and security (article 5/1 / f)

Personal data must be processed in such a way that adequate security is guaranteed.


07. In principle, GDPR prohibits the processing of sensitive data

Article 9/2 provides, among other things, for exceptions when explicit consent has been granted, the personal data were apparently made public by the data subject or when the processing is necessary for legal proceedings or an important public interest.


08. GDPR requires transparency

Article 13/1 determines what information must be provided when personal data is collected from the data subject. This includes the identity and contact details of the controller, the processing objectives, as well as the legal basis for the processing and the period during which the personal data will be stored.


09. GDPR limits the legitimacy of profiling

Article 22/1 determines the right of objection to automated individual decision-making.

Article 22/2 provides for a number of exceptions to this, inter alia when profiling is necessary for the establishment or execution of an agreement or the processing is based on the express consent of the person concerned.


10. GDPR limits data transfer

Article 44/1 states that transfer to a third country or international organization is only permitted if the other provisions of the Regulation are fully complied with.


Alis Advocaten is happy to tell you more about your compliance!