Principles of processing PD

The basic requirements can be summarized in the following points, which result in sub-obligations for personal data processors:

  1. Purpose limitation – it is not possible to use the data for processing other than those for which consent has been granted or we are not able to prove a legitimate interest or other legal title.
  2. Data minimization – only the data necessary to achieve the purpose (ie. delete data whose reason for storage we are unable to prove, do not store unnecessary data).
  3. Processing time limit – delete data if the reason for processing disappears.
  4. Transparency – the data subject must be informed truthfully, transparently and simply about the processing of his data.
  5. Restrictions on storage – the so-called retention period, the period during which the data can be stored for a given purpose and are determined for individual processing by the Shredding and Archiving Rules. Delete or anonymize data after a period of time. Shred physical documents. Each piece of data has a period after which it should be deleted, shredded, etc.
  6. Accuracy – update data regularly (correct stored data at the request of the data subject).
  7. Secure processing – protect client data, for example by encryption or locking