Art. 5 critical Severity GDPR European Union

GDPR Article 5 — Principles relating to processing of personal data

Enforced by: ICO (UK) / National DPAs
Current as of May 25, 2018
Plain Language Summary
The six core GDPR principles: lawfulness/fairness/transparency, purpose limitation, data minimization, accuracy, storage limitation, and integrity/confidentiality.

Personal data shall be:

(a) processed lawfully, fairly and in a transparent manner in relation to the data subject ("lawfulness, fairness and transparency");

(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes ("purpose limitation");

(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed ("data minimisation");

(d) accurate and, where necessary, kept up to date ("accuracy");

(e) kept in a form which permits identification of data subjects for no longer than is necessary ("storage limitation");

(f) processed in a manner that ensures appropriate security of the personal data ("integrity and confidentiality").

Related Enforcement Cases

British Airways — GDPR Data Breach Fine (£20M) £20M
Marriott International — GDPR Fine (£18.4M) £18.4M