* Posts by DPPTrainer

1 publicly visible post • joined 11 Apr 2017

How their GDPR ignorance could protect you from your denial

DPPTrainer

Re: Purging convictions

To understand this you need to understand the principles of data protection. Start with principle 5, the requirement to keep data no longer than necessary - if you keep any personal data, even traces which can identify an individual, you breach this principle. That in turn means the data you keep will likely become inaccurate and out of date, a breach of principle 4. It also means data is likely to become excessive, a breach of principle 3. Keeping it is likely to be at odds with the purpose given for collecting it, making it also a breach of principle 2. And breaches of principle 2 inherently mean a breach of principle 1 - the need to collect and process data fairly, lawfully and in an open and transparent manner. Keeping data you don't need, even traces, which counts as personal data, is essentially a breach of 5 of the 6 principles. The GDPR is clear, no need = you cannot keep it. And "just in case" is not a valid need - the law is very clear on that.

Breaches like this will fall into the 4%/20 million euro category and a failure on that many principles is likely to increase the size of any penalty issued by the ICO.