The 10 key requirements of the EU GDPR

Clive Mackintosh, Founder of GDPR Rep, explains the 10 key requirements of the EU GDPR.

Clive Mackintosh
September 9, 2023

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. In this blog, Clive Mackintosh, Founder of GDPR Rep, experts in GDPR Representative services, explains the 10 key requirements of the EU GDPR.

The EU GDPR has 10 key requirements, which are as follows:

  1. Lawful, fair and transparent processing: 
    Personal data must be processed lawfully, fairly and transparently. This means that individuals must be informed about how their personal data is being processed, and they must have the right to access and control their personal data.
  2. Limitation of purpose: 
    Personal data must be collected for specific, explicit and legitimate purposes. It must not be processed for any other purposes unless the individual has given their consent or the processing is necessary for another lawful reason.
  3. Data minimization: 
    Personal data must be collected only to the extent that is necessary for the purpose for which it is being processed.
  4. Accuracy: 
    Personal data must be accurate and kept up to date. Individuals must be able to have their personal data rectified if it is inaccurate or incomplete.
  5. Storage limitation:
    Personal data must be kept for no longer than is necessary for the purpose for which it is being processed.
  6. Integrity and confidentiality (security):
    Personal data must be protected against unauthorized access, use, disclosure, alteration or destruction.
  7. Accountability: 
    Organizations must be able to demonstrate that they are complying with the data protection principles. They must appoint a data protection officer in certain circumstances and keep records of their data processing activities.
  8. Consent: 
    Individuals must give their consent to the processing of their personal data in most cases. Consent must be freely given, specific, informed and unambiguous.
  9. Data subject rights: 
    Individuals have a number of rights over their personal data, including the rights to access, rectify, erase, restrict, object to and port their data, and to withdraw their consent.
  10. Personal data breaches: 
    Organizations must notify the supervisory authority within 72 hours of becoming aware of a personal data breach.

The EU GDPR is a complex piece of legislation. GDPR Rep is on a mission to help every business achieve and maintain GDPR representation. If you are looking into how your organisation can fulfil its requirements, why not schedule a no-commitment call with a GDPR representative expert today, or get a quote to understand how our value pricing makes compliance simple.
