Skip to content
Skip to page content

What principles must be observed in the processing of personal data?

The icon features a person holding a flag with a closed padlock on it. The icon is surrounded by a light green frame. The icon is used to indicate that the situation involves the processing of personal data subject to data protection legislation.
The icon features an open palm holding a rectangle, which represents personal data, with a symbol depicting a person in the centre. The icon is surrounded by a light green frame. This icon can be used to express that the situation involves the controller's obligations related to the processing of personal data.

Data protection principles are general principles and practices applying to the processing of personal data. They are intended to guide processing.


According to the principles, personal data must be

1. processed lawfully, appropriately and transparently

2. collected and processed for specified, explicit and legitimate purposes

3. collected only to the extent necessary for the purpose of the processing

4. updated whenever necessary: inaccurate personal data must be erased or rectified without delay

5. stored in an identifiable form only for as long as necessary

6. processed confidentially and securely.

The data protection principles must be observed for the entire life cycle of processing, that is, from the collection of the data to its storage and erasure. The principles must be observed at all times and cannot be derogated from even with the data subject’s consent.

2. A processor acts on behalf of the controller
1. Take data protection into account from the start and in all circumstances