GDPR: what are the basic principles?

The General Data Protection Regulation (GDPR) is based on six basic principles that you must take into account when processing personal data.

Basic principles

1. Lawfulness, fairness and transparency

You are obliged to process personal data in a transparent manner with respect for all applicable laws, regulations and rules.

2. Purpose limitation (finality and proportionality)

You may only process personal data for the purpose of your research, and the processing must be reasonable and proportionate to the purpose of your research.

3. Data minimisation

You may only use the personal data necessary to achieve the objectives of your research.

4. Accuracy

The personal data that you process must be accurate.

5. Storage limitation

The personal data that you process may not be kept longer than necessary for your current research or for possible further analyses of the data.

6. Confidentiality and integrity

As a researcher you must handle personal data confidentially and take appropriate measures to guarantee the confidentiality and integrity of the data.


The general principle of accountability also applies in this context.

To meet it, ask yourself the following questions: at the start of my research, did I thoroughly consider and document the privacy aspects of my research? Am I able to demonstrate that I have actively taken responsibility for processing personal data in a secure manner?


Last modified Aug. 28, 2023, 10:53 a.m.