Key principles of personal data processing
Author | Michèle Finck |
Pages | 60-70 |
STOA| Panel for the Future of Science and Technology
60
6.Key principles of personal data processing
whenever personal data is processed. First, the principles of lawfulness, fairness and transparency
require that 'personal data shall be 'processed lawfully, fairly and in a transparent manner in relation
to the data subject'.401Second, the principle of purpose limitation requires that personal data be
'collected for specified, explicit and legitimate purposes and not further processed in a manner that
is incompatible with those purposes'.402Third, the principle of data minimisationmandates that
personal data be 'adequate, relevant and limited to what is necessary in relation to the purposes for
which they are processed'.403
Fourth, the principle of accuracyestablishes that personal data ought to be 'accurate and, where
necessary, kept up to date; every reasonable step must be taken to ensure that personal data that
are inaccurate, having regard to the purposes for which they are processed, are erased or rectified
without delay'.404The principle of storage limitationprovides that personal data must be 'kept in
a form which permits identification of data subjects for no longer than is necessary for the purposes
for which the personal data are processed'.405Pursuant to the integrity and confidentiality
requirement, data ought to be 'processed in a manner that ensures appropriate security of the
personal data, including protection against unauthorised or unlawful processing and against
accidental loss, destruction or damage, using appropriate technical or organisational measures'.406
It is the responsibility of the data controllerto comply with, but also to be able to demonstrate
compliance with these various requirements.407This section examines how these key principles of
personal data processing can be met where DLT is the chosen processing technology by examining
6.1.Legal grounds for processing personal data
Personal data processing can only be lawful where there is a legal ground that permits such
personal data processing that may be more or less suitable for a specific processing operation
depending on the given circumstances.409Data controllers must thus make sure that one of these
grounds applies before they can proceed with any specific processing operation.410The grounds of
lawful processing provided in this list are exhaustive, meaning that Member States cannot add
additional grounds or otherwise amend the scope of the six principles explicitly recognisedby the
GDPR. Below, the various grounds of lawful personal data processing are introduced in turn.
404Article 5(1)(d) GDPR.
408It is worth noting that different principles apply to instances where special categories of data are processed. These are
not examined here.
409To illustrate, Article 6(1)(b) GDPR can only be relied on where there is a contractual relationship between the data
controller and the data subject.
410Article 28(3) GDPR dispenses processors from independently verifying whether controllers have such a lawful ground.
Get this document and AI-powered insights with a free trial of vLex and Vincent AI
Get Started for FreeUnlock full access with a free 7-day trial
Transform your legal research with vLex
-
Complete access to the largest collection of common law case law on one platform
-
Generate AI case summaries that instantly highlight key legal issues
-
Advanced search capabilities with precise filtering and sorting options
-
Comprehensive legal content with documents across 100+ jurisdictions
-
Trusted by 2 million professionals including top global firms
-
Access AI-Powered Research with Vincent AI: Natural language queries with verified citations

Unlock full access with a free 7-day trial
Transform your legal research with vLex
-
Complete access to the largest collection of common law case law on one platform
-
Generate AI case summaries that instantly highlight key legal issues
-
Advanced search capabilities with precise filtering and sorting options
-
Comprehensive legal content with documents across 100+ jurisdictions
-
Trusted by 2 million professionals including top global firms
-
Access AI-Powered Research with Vincent AI: Natural language queries with verified citations

Unlock full access with a free 7-day trial
Transform your legal research with vLex
-
Complete access to the largest collection of common law case law on one platform
-
Generate AI case summaries that instantly highlight key legal issues
-
Advanced search capabilities with precise filtering and sorting options
-
Comprehensive legal content with documents across 100+ jurisdictions
-
Trusted by 2 million professionals including top global firms
-
Access AI-Powered Research with Vincent AI: Natural language queries with verified citations

Unlock full access with a free 7-day trial
Transform your legal research with vLex
-
Complete access to the largest collection of common law case law on one platform
-
Generate AI case summaries that instantly highlight key legal issues
-
Advanced search capabilities with precise filtering and sorting options
-
Comprehensive legal content with documents across 100+ jurisdictions
-
Trusted by 2 million professionals including top global firms
-
Access AI-Powered Research with Vincent AI: Natural language queries with verified citations

Unlock full access with a free 7-day trial
Transform your legal research with vLex
-
Complete access to the largest collection of common law case law on one platform
-
Generate AI case summaries that instantly highlight key legal issues
-
Advanced search capabilities with precise filtering and sorting options
-
Comprehensive legal content with documents across 100+ jurisdictions
-
Trusted by 2 million professionals including top global firms
-
Access AI-Powered Research with Vincent AI: Natural language queries with verified citations
