• 個(gè)人資料應以合法，公正和透明的方式處理。

• 人們需要被告知正在收集什么信息以及為了什么目的而收集。

• 個(gè)人數據應按指定的，明確的和合法的目的收集。它不得用于與這些目的相沖突的其他任何原因。

• 個(gè)人資料只有在需要時(shí)才能保存和處理，并且不超過(guò)此時(shí)間。

• 個(gè)人資料必須保持最新和準確。

• 人們有權收到其數據副本，或者可以要求不再使用他們的個(gè)人數據。在某些情況下，他們可以完全刪除它。

• 組織必須采取適當的安全措施來(lái)保護個(gè)人數據免受意外或不當影響而導致數據的非法破壞，遺失，變更或披露。

• 此外，組織需要確保所有處理個(gè)人數據的工作人員都經(jīng)過(guò)適當的培訓知道如何保護這些數據。

• Personal data for individuals shall be processed lawfully, fairly, and in a transparent manner.

• People need to be told what is being collected and for what purpose.

• Personal data shall be collected for specified, explicit, and legitimate purposes. It shall not be used for any other reasons that conflict with these purposes.

• Personal data shall only be kept and processed for as long as it is required for that purpose and for no longer than that.

• Personal data must be kept up-to-date and accurate.

保護個(gè)人數據的措施必須確保適當的水平來(lái)保障數據的敏感性。由于與數據相關(guān)的風(fēng)險變得更大，所以應該花費更多的努力和措施來(lái)保護數據。這些措施也應該進(jìn)行定期審查并適時(shí)更新。有關(guān)于隱私和安全決議的記錄有助于合規。

The protection measures that are in place to secure personal data must ensure a level of protection appropriate to the sensitive nature of the data. As the risk associated with data becomes greater, so should the effort and expense of measures to protect the data.These measures should be regularly reviewed and updated as appropriate.Well-documented records about privacy and security decisions and measures help to show compliance with the requirements.

此外，當數據轉移給外部第三方或歐盟以外的各方時(shí)，組織在法律上必須采取合同和盡職調查等措施來(lái)保護個(gè)人。最后，在個(gè)人數據泄露的情況下，組織應該在知悉后72小時(shí)內報告違規行為。組織未能遵守GDPR可能導致高達其全球收入的4％的罰款，這也使得GDPR成為財務(wù)成本最高的全球法規之一。

In addition, organizations are legally bound to employ measures, such as contracts and due diligence reviews,to protect personal data when transferring it to external third parties or parties outside the European Union. Finally, in the case of a personal data breach, organizations shall report the breach within 72 hours after becoming aware of it. Failure for organizations to comply with GDPR can result in fines up to 4% of their global revenue, making GDPR one of the most financially costly global regulations in the world.