There are 7 principles set out in Article 5 of the GDPR -

6 principles which apply to the processing of personal data: 

  1. Lawfulness, fairness and transparency
  2. Purpose limitation
  3. Data minimisation
  4. Accuracy
  5. Storage limitation
  6. Integrity and confidentiality

together with the overarching principle of 'accountability' which requires a controller to demonstrate compliance with the personal data processing principles. 

Infringement of the basic principles for processing is subject to a fine of up to €20,000,000.

Please see the "Closer Look" guidance on the processing principles below.