Even though your everyday tasks might not be related to paperwork or digital management of data we believe that you should be informed about General Data Protection Regulation or GDPR. This legal document is outlining how the different forms of personal information have to be managed. To simplify, GDPR regulates the amount of information institutions and different service providers can ask from people, how and for how long it is stored and it ensures that information is processed and stored only with informed consent of people in question. GDPR is supported by such core values of your profession as respect, confidentiality and privacy, that have been described in other pages of this sequence.
1. Lawfulness, fairness and transparency — Processing of information must be lawful, fair, and transparent to the data subject (person of concern).
2. Purpose limitation — You must process data for the legitimate purposes specified explicitly to the data subject when you collected it.
3. Data minimization — You should collect and process only as much data as absolutely necessary for the purposes specified.
4. Accuracy — You must keep personal data accurate and up to date.
5. Storage limitation — You may only store personally identifying data for as long as necessary for the specified purpose.
6. Integrity and confidentiality — Processing must be done in such a way as to ensure appropriate security, integrity, and confidentiality (e.g. by using encryption).
7. Accountability — The data controller is responsible for being able to demonstrate GDPR compliance with all of these principles.
Click to read more of what is GDPR!