The obligation of EU organizations to comply with GDPR principles
Disclosing personal information to the public can have a severe, even life-changing, impact on an individual. This is why the General Data Protection Regulation (GDPR), a privacy law, was put into effect by the EU in 2018. The law aims to standardize privacy protection and uphold privacy structures that protect users' personal data, giving them more control over their data: who processes it and what it is used for. GDPR applies only to organizations operating within the EU, or outside the EU but processing the data of EU residents, that have more than 250 employees. Some of the principles every organization should apply to comply with GDPR are:
1) The principle of lawfulness, fairness, and transparency: this principle requires organizations to process personal data lawfully, fairly, and transparently.
2) The principle of purpose limitation, which dictates that personal data shall be collected only for explicitly stated and legitimate purposes. The only exception is when the collected information is used for the public interest, for scientific or historical research, or for statistical purposes.
3) The principle of data minimization: this principle requires organizations to keep personal data adequate, relevant, and limited to what is necessary for their purposes, to take every reasonable step to ensure that personal data is accurate and up to date, and to erase or rectify without delay any data found to be inaccurate.
4) The principle of storage limitation: this principle stipulates that organizations may keep personal data that might identify a data subject for no longer than necessary. Once the expressed intended purpose is accomplished, the personal data must be securely destroyed; the only exception is archiving personal data solely to safeguard the public interest or for historical research or statistical purposes.
5) The principle of integrity and confidentiality: this principle requires organizations to process personal data in a manner that ensures its appropriate security and to take all necessary measures to protect it against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
When an organization neglects to comply with these principles, the penalty that can be imposed on it can reach 20 million euros or 2% to 4% of its annual income. For this reason, the data controller must take all necessary measures to comply with these principles.
Good summary! And all much easier with tools such as PII Tools.