Committed to protecting our customers personal data, Freshworks is here to help our customers understand significance of the GDPR, its requirements and our allegiance to align with global standards.
7 Key Principles of the GDPR
The GDPR encourages businesses to be responsible about an individual’s data. By ensuring protection and privacy of this data, businesses earn customer trust and they are likely to engage better with the business. GDPR provides a framework for businesses to standardize and regularize real-world security and privacy needs of an individual's data used for business purposes. The key principles which the GDPR requires businesses to operate on are:
1. Lawful, fair and transparent processing: Emphasizes transparency for all individuals i.e. when data is collected, businesses must be clear as to why data is being collected and what will it be used for.
2. Purpose limitation: Collect data, only for the purpose you need it for. That is, data collected for specific purposes/reasons cannot be further processed in a manner incompatible with those purposes/reasons.
3. Data minimization: Ensure data captured is adequate, relevant and limited. Based on this principle, organizations must ensure they store minimum amount of data required for their purpose.
4. Accurate and up-to-date processing: Data controllers must ensure information remains accurate, valid and fit for purpose. To comply, organizations must institute processes and policies to address how they maintain data they are processing and storing it.
5. Limitation of storage in a form that permits identification: Have control over storage and movement of data within the organization. This includes implementing and enforcing data retention policies, and preventing unauthorised movement and storage of data.
6. Confidential and secure: An organization collecting and processing data is solely responsible for implementing appropriate security measures to protect the individuals data.
7. Accountability and liability: Organizations must be able to demonstrate adoption of necessary steps to protect an individual’s personal data, and be able to pull up every step within the GDPR strategy as evidence.