5 Material Requisites for Processing under GDPR

Success depends upon previous preparation, and without such preparation there is sure to be failure.

— Confucius

Once the technical and organizational measures are put in place within the business to protect data, it is important to focus on the activity of “processing” itself. GDPR places numerous restrictions and rules on daily processing of data and the external interactions with consumers and foreign nations. Unlike previous laws surrounding data processing, which allowed for an expansive collection of information, GDPR is centered on reducing data harvesting by sanctioning specific types of international data transfers along with ensuring compliance within the EU.

5.1 The Central Principles of Processing

Article 5 of GDPR lays down the essential matters that must be considered when personal data is being processed. Failing to follow these principles could result in a €20 million fine or 4% of the global annual turnover, requiring careful compliance. The term legitimacy in processing requires compliance with all existing law, which includes written common law, legislation, judgments, municipal decrees, constitutional principles, fundamental rights, and even other legal principles.1 Essentially, the test is whether a court determining the case would consider the source as a law. Legitimacy is a fluid concept, which can change depending on the technology or societal/cultural attitudes.2 The provisions lay the groundwork ...

Get Data Privacy and GDPR Handbook now with the O’Reilly learning platform.