We can summarise GDPR using the following principles:

  1. Right to information: personal data is collected for a specific legitimate purpose, and may not be used for other purposes. Organisations need to be fully transparent about this.
  2. Transparency: the person whose data is processed has actively agreed to this and has been informed of his/her rights.
  3. Right of access to your data: every person has the right of access to his/her personal data and supplementary information. These data must be correct at all times. Every person has the right to correct his/her data.
  4. Right to be forgotten: every person has the right to request removal of his/her personal data without having to provide a specific reason for this.
  5. Retention period: personal data may not be retained longer than deemed necessary for a specific purpose.
  6. Data protection: all personal data must be protected against access by unauthorised persons or loss of data.
  7. Right to use data for one’s own goals: every person has the right to request his/her personal data and/or to use it for his/her own goals. Every person also has the right to move his/her data and/or to copy it to another organisation.
  8. Restriction of information: every person has the right to restrict or block access to his/her data.