Basic principles of personal data processing and protection

Abstract

The development of an information society that prefers quick and remote resolution of issues, including on the Internet, raises the issue of protecting information and data disseminated and provided by personal data subjects. People do not want to transmit personal information without a clear understanding that it will be protected and not used, or to transfer it unnecessarily to third parties, because most of this information is identifying and personal, and in some cases even «sensitive». In this case, persons who transfer, process, or store personal data must be guided by legal grounds that determine the course of such actions. The fundamental concepts that must be followed in any operations with personal data are the principles. Principles are the basic framework that everyone in this process must adhere to, and failure to do so entails legal liability.
 The institute of personal data protection is relatively new, therefore, with the development of this institute, legislation at various levels develops and improves the basic provisions and general principles of personal data protection. At present, the general principles of personal data processing and protection can be summarised as: transparency, fairness, lawfulness, purpose limitation, data minimisation, data accuracy, data retention period limitation, data security and the principle of accountability.
 Such principles are enshrined in the General Data Protection Regulation and meet the main goal, namely to define the standards on the basis of which personal data should be collected, processed, transferred, stored, and destroyed. The existence of such principles and, most importantly, their consolidation in regulatory legal acts that are binding for all and are primarily necessary to preserve and not restrict the right to privacy and the right to protection of personal data, the right to privacy. The general principles of legitimate operations with personal information provide for notification of the person who provides his/her personal data about the purpose of processing and all the details concerning future actions with the provided information and regulation, limitation and determination of liability for violation of the principles of processing and protection of personal data for the person who further carries out the specified operations.