2.2 Example 1 - part 2
(LUL) Part 2 – EU SME CO. EXAMPLE: ASSESSING GDPR COMPLIANCE
David begins his role by interviewing top management.
He will first evaluate how LUL meets its obligations under the seven DP principles.
The processing activities should show that all directly collected data was collected and stored.
The seven DP principles can be applied against each of the processing operations to
understand how compliant the controller is.
THE MAGIC "7"
P1: Was the processing lawful, fair, and transparent?
P2: Was the collection for a specified, explicit, and legitimate purpose?
P3: Is data minimized through processing only what is adequate, relevant, and necessary
for the purposes?
P4: Is personal data accurate and up to date?
P5: Is personal data kept no longer than necessary?
P6: Is security appropriate to prevent unauthorized loss or disclosure of personal data?
P7: Can the controller demonstrate compliance with P1–P6?