Which of the following is NOT a key principle of the General Data Protection Regulation (GDPR)?
A. Lawfulness, fairness and transparency
B. Purpose limitation
C. Accountability and governance
D. Data minimization and proportionality
Answer Explanation:
The correct answer is D. Data minimization and proportionality.
The General Data Protection Regulation (GDPR) is a regulation in the European Union (EU) that governs data protection and privacy for individuals within the EU. It was implemented in May 2018 and has become an important consideration for organizations that handle personal data of EU citizens.
The key principles of GDPR are:
Lawfulness, fairness and transparency: Personal data must be processed lawfully, fairly and in a transparent manner.
Purpose limitation: Personal data must be collected for specified, explicit and legitimate purposes.
Data minimization and proportionality: Personal data should be adequate, relevant and limited to what is necessary.
Accuracy: Personal data must be accurate and kept up to date.
Storage limitation: Personal data must not be kept for longer than necessary.
Integrity and confidentiality: Personal data must be processed in a way that ensures appropriate security.
Data minimization and proportionality is not one of the key principles of GDPR, although it is an important consideration for organizations to ensure that they only collect and process the minimum amount of personal data necessary for their specific purposes.