Principal definition is - most important, consequential, or influential: chief. How to use principal in a sentence. But luckily for us, we have the Spiritual Principles in our Recovery collection to face this Step without being delusional. Like most things we find difficult, the answer is in The 12 Steps. In this case the answer is “to have GOD remove these defects” Not us! The first Spiritual Principle behind this Step is our good friend, Willingness.
And Why are There Now Only Seven?
Having governed data protection within the UK for twenty years, the Data Protection Act (DPA) 1998 was updated in 2018 to incorporate a Europe-wide standard, whilst also address the many changes, developments and revolutions that had taken place in the world of personal data.
Though personal data was of course an important asset in 1998, by 2018, the landscape of data collection, handling and implications had radically altered and the many questions regarding individual data rights had firmly arrived into the mainstream.
With so many high-profile data breaches, many of which affecting millions of individuals, governments around the world have been forced to address the existing holes within legislation, whilst strengthening and extending the control consumers have over their own information, and approaching the subject of data protection in a more holistic manner.
Now, two years on from the introduction of the General Data Protection Regulation and the DPA 2018, those asking: ‘what are the eight principles of the Data Protection Act? may have a little catching up to do. Luckily, we’re here to help fill you in.
How Has DPA Changed?
Under the UK’s DPA 1998, eight data protection principles existed at the centre of this regulation. By 2018 these principles were developed further by the European Union’s GDPR and made a part of UK law within the Data Protection Act 2018.
With a great deal of cross-over between the DPA 1998 and 2018, much of the current regulation regarding data protection is greatly similar to the previous laws. Below we can see how these previous eight principles of data protection have been incorporated and developed by the GDPR, and what, if any, their equivalents and differences are.
What are the Eight Principles of the Data Protection Act?
Though there is a great amount of similarity between both the DPA 1998 and the incorporation of the GDPR into UK law, to best understand where companies and organisation stand within the British context, and to a lesser extend the Europe as a whole, it’s worth taking a closer look at the current seven principles.
Seven Principles of Data Protection
Having looked at the changes from the DPA 1998 to the 2018 legislation, it’s worth noting that these following seven principles are designed to be the foundation upon which organisation should build all their data protection practices. Now in 2020, it is vital that all organisations dealing with personal data, understand and abide by these increasingly universal data protection principles.
- Lawfulness, fairness and transparency
As well as continuing the Data Protection standard/principle of lawfulness and fairness, this new standard also seeks to ensure that users can understand what it is there are signing up to when they hand over personal data. This principle requires that organisations use language that is ‘clear, plain and accurate’ as to what a data subject is consenting to, thus helping to ensure the data rights and legal protections.
- Purpose limitation
5'6 In Cm
This principle stipulates that personal data, which is collected for a specific, previously stated and understood purpose, must not then be used for other applications. Though the GDPR states that this principle of purpose limitation is not incompatible with processing under grounds of public interest, scientific or statistical purposes or for historical research, it limits the extent to which organisations can ‘multi-purpose’ personal data.
- Data minimisation
Ensuring that the extent or amount of data collected and/or processed is adequate, relevant and limited to the intended purpose, the principle of data minimisation is to curtail any organisation seeking to effectively hoard data without a clear rationale.
- Accuracy
Not exactly representing a significant step forward in data protection, and present within the DPA 1998, this principle makes organisation responsible for either updating inaccurate information or getting rid of it.
- Storage limitation
Like the preceding ‘retention’ principle, storage limitation restricts organisations from keeping hold of data for indefinite periods of time, or beyond that of its intended purpose. Again, purposes of public interest, archiving, scientific or historical research or statistics may act as reasons for an organisation retaining personal data, but these reasons must be justifiable and documented.
- Integrity and confidentiality
Previously known as the ‘security’ principle, integrity and confidentiality of personal data must be upheld with the appropriate security measures. As with many of the other principles, there is an inherent responsibility to implement both physical and technological controls to ensure compliance.
- Accountability
With no previous principle within the DPA 1998, the accountability principle requires organisations to take responsibility for the personal data being handled and their compliance with the other six principles. Appropriate measures and records are also required to be in place as to demonstrate compliance.
International Transfer of Data (Principle 8 of the DPA 1998)
Previously included as a principle of the DPA 1998, within the GDPR and the DPA 2018 the stipulations regarding the international transfer of data are not included as a key ‘principle’. Detailed within Chapter 5 of the GDPR, the transfer of personal data to countries or organisations outside of the direct jurisdiction of the GDPR are sufficiently compliant with the standards laid forth by the legislation.
“All provisions in this Chapter shall be applied in order to ensure that the level of protection of natural persons guaranteed by this Regulation is not undermined.”
More information relating to how Chapter 5 of the GDPR has been incorporated into the UK’s Data Protection Act is provided by the Information Commissioner’s Office here.
Individual Rights
Principle 5 60
As well as developing and advancing the principles surrounding data protection, both the GDPR and DPA 2018 forward the individual rights of citizens and their respective personal data.
The GDPR provides the following corresponding rights for individuals:
- The right to be informed
Both data processors and controllers are now obliged to provide information to data subjects about the personal data being collected, how it is going to be used, who it will be shared with, for how long it will be kept and the purpose of its processing.
- The right of access
With request, individual data subjects are entitled to confirmation that their data is being processed, access to that data as well as further information regarding any automated decision making, or the envisioned period of retention.
- The right to rectification
![Principle 5 6 = Principle 5 6 =](https://i1.wp.com/cmplenary.com/wp-content/uploads/2019/03/P5and6-YT-Thumbnail.png?fit=1280%2C720&ssl=1)
With its corresponding principle in ‘accuracy’, data subjects hold the right to have personal data rectified should it be either inaccurate or incomplete.
- The right to erasure
Also known as ‘the right to be forgotten’, this right allows data subjects to request the removal or deletion of data in the eventuality there is no compelling reason for its continued processing or availability. This right may in some circumstances also obligate, for instance, a search engine company to remove certain results, or limit their discoverability.
- The right to restrict processing
![Principle 5 6th Principle 5 6th](https://www.zionandzion.com/wordpress/wp-content/uploads/2017/09/UX-Meets-Email-Principle-5-850x200.jpg)
Processing is any operation performed on personal data. This includes using, viewing, altering or deleting the data. Individuals may block or suppress processing of personal data for the following reasons: Inaccurate data, the unlawful processing of that data or a pending objection to processing the data by the data subject
- The right to data portability
Allowing individuals to obtain and reuse their personal data across different services, this right means an individual’s data should be available in a commonly used machine-readable format, in a way which allows data not to be constantly resubmitted.
- The right to object
Allowing individual to object (for certain reasons) to the processing of their personal data, as well as obliging organisations to inform individuals of this right at the time of first communication.
- Rights in relation to automated decision making and profiling.
One of the more detailed and technical rights afforded under the GDPR, among other things, entitles individuals either opt out of automated decision-making processes, challenge decisions, and/or have automated decisions reviewed by a human. More about this right can be found here.
Celebrate Recovery's Eight Recovery Principles
The Road to Recovery Based on the Beatitudes
Realize I’m not God; I admit that I am powerless to control my tendency to do the wrong thing and that my life is unmanageable. (Step 1)
“Happy are those who know that they are spiritually poor.” Matthew 5:3a TEV
“Happy are those who know that they are spiritually poor.” Matthew 5:3a TEV
Earnestly believe that God exists, that I matter to Him and that He has the power to help me recover. (Step 2)
“Happy are those who mourn, for they shall be comforted.” Matthew 5:4 TEV, NIV
“Happy are those who mourn, for they shall be comforted.” Matthew 5:4 TEV, NIV
Consciously choose to commit all my life and will to Christ’s care and control. (Step 3)
“Happy are the meek.” Matthew 5:5a TEV
“Happy are the meek.” Matthew 5:5a TEV
Openly examine and confess my faults to myself, to God, and to someone I trust. (Steps 4 and 5)
“Happy are the pure in heart.” Matthew 5:8a TEV
“Happy are the pure in heart.” Matthew 5:8a TEV
Voluntarily submit to any and all changes God wants to make in my life and humbly ask Him to remove my character defects. (Steps 6 and 7)
“Happy are those whose greatest desire is to do what God requires” Matthew 5:6a TEV
“Happy are those whose greatest desire is to do what God requires” Matthew 5:6a TEV
Evaluate all my relationships. Offer forgiveness to those who have hurt me and make amends for harm I’ve done to others when possible, except when to do so would harm them or others. (Steps 8 and 9)
“Happy are the merciful.” Matthew 5:7a TEV; “Happy are the peacemakers” Matthew 5:9 TEV
“Happy are the merciful.” Matthew 5:7a TEV; “Happy are the peacemakers” Matthew 5:9 TEV
Reserve a daily time with God for self-examination, Bible reading, and prayer in order to know God and His will for my life and to gain the power to follow His will. (Steps 10 and 11)
Yield myself to God to be used to bring this Good News to others, both by my example and my words. (Step 12)
“Happy are those who are persecuted because they do what God requires.” Matthew 5:10 TEV
“Happy are those who are persecuted because they do what God requires.” Matthew 5:10 TEV