GDPR and Trust Model from the User Perspective #325

Open
peppelinux opened this issue Jun 19, 2024 · 0 comments

@peppelinux
Member

Trust Model Legal Requirements under GDPR

  1. Lawfulness, Fairness, and Transparency (Article 5)
    Data processing must be lawful, fair, and transparent to the data subject.

  2. Purpose Limitation (Article 5)
    Data collected must be for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.

  3. Data Minimization (Article 5)
    The collection of data must be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

  4. Accuracy (Article 5)
    Personal data must be accurate and kept up to date.

  5. Storage Limitation (Article 5)
    Personal data should be kept in a form which permits identification of data subjects for no longer than necessary.

  6. Integrity and Confidentiality (Article 5)
    Data must be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

  7. Accountability (Article 5)
    The controller is responsible for, and must be able to demonstrate compliance with, the other principles.

  8. Consent (Articles 6-7)
    Processing is lawful only if and to the extent that the data subject has given consent to the processing of their personal data for one or more specific purposes.

  9. Data Protection Impact Assessment (Article 35)
    Where processing is likely to result in a high risk to the rights and freedoms of natural persons, the controller must carry out an impact assessment.

  10. Data Protection Officer (DPO) (Articles 37-39)
    Controllers and processors must designate a DPO if their core activities require regular and systematic monitoring of data subjects on a large scale or involve processing on a large scale of special categories of data.

  11. Right to Access (Article 15)
    Data subjects have the right to access their personal data and information about how these data are being processed.

  12. Right to Rectification (Article 16)
    Data subjects have the right to have inaccurate personal data rectified, or completed if it is incomplete.

  13. Right to Erasure ('Right to be Forgotten') (Article 17)
    Data subjects have the right to have personal data erased under certain circumstances.

  14. Right to Restriction of Processing (Article 18)
    Data subjects have the right to restrict processing under certain conditions.

  15. Right to Data Portability (Article 20)
    Data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format.

  16. Right to Object (Article 21)
    Data subjects have the right to object to the processing of their personal data in certain circumstances.

  17. Automated Individual Decision-making, Including Profiling (Article 22)
    Data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
