Principles for the Processing of Personal Data under the General Data Protection Regulation

Every day, you need to provide personal information in order to go on with your daily activities. The solution is not to stop providing data to keep yourself safe of unauthorised or unlawful processing, but to take all the reasonable steps to ensure safety. The following questions that you should ask before providing your data to ensure that nothing is left to chance when it comes to protecting your privacy and personal data: 1) Who is asking for your data? 2) What data has been requested? 3) How will the data be processed? 4) For how long will the data be retained?

Article 5 of the General Data Protection Regulation (GDPR)

The principles are set in article 5 of the General Data Protection Regulation (GDPR) and enshrined thorough all the Regulation, and they apply to every personal data processing activity. As the cornerstone of the Regulation, they should be kept in mind when interpreting the rights and duties established in the General Data Protection Regulation (GDPR). 


Process personal data only when there is aan appropriate legal basis or legislative measure undr the General Data Protection Regulation (GDPR), EU or Member State Law. 


Taking into account the specific circumstances and context in which the personal data is processed, provide all the information necessary to ensure fairness and transparent processing. 


Ensure that all risk, rules, safeguards, and rights concerning the processing are informed to the data subject in a concise easily accessible and easy to understand manner. 


Personal Data may only be collected for specific (defined), explicit (clear) and legitimate purposes (legal basis) determined up-front and, be processed in a manner compatible with it. (Art. 6 (4) an 89 (1) GDPR). 


Process personal data only when it is adequate (appropriate), relevant (pertinent) and limited to what is necessary for the purposes for which they are processed (not excessive). Focus on storage limit. 


Take every reasonable step to ensure that personal data are accurate and up to date concerning for which they are processed. 

Storage Limit

Keep the personal data as far as necessary to identify the data subjects for the purposes established; otherwise, should be erased (Art. 89 (1) GDPR). 

Integrity and Confidentiality

Integrity and Confidentiality to process personal data in a manner that ensures appropriate security, protection against unauthorised or unlawful processing and accidental loss, destruction or damage. 


Accountability refers to the duty to comply with the principles and be able to demonstrate that processing is performed in accordance with them.


MR. BAS A.S. VAN LEEUWEN (LL.M., ESQ.), attorney at law and forensic auditor, assists clients with criminal matters, administrative supervision and enforcement cases, and internal and external investigations. Cases involving accusations of fraud, bribery, money laundering, corruption or violations, financial mismanagement, of international sanctions seriously disrupt a client’s operations and damage their reputation. At a client’s request, the attorney can conduct internal investigations, advice, litigate and negotiate with regulators and the Public Prosecution Service. He delivers swift solutions that address the underlying problems for urgent matters. Sometimes, his clients are injured by non-compliant conduct; sometimes they find themselves accused of the same.