What is GDPR?
So the GDPR can say a lot of important principles. We've covered some of them in this episode, we'll take a few more. One is data retention. Another one is data deletion, and then there's data limitation. So what do these core principles mean? Well, they talk about only being allowed to store and process data that you need.
It's not a nice to have. It's a need to have a principal. It also means that you are obligated to have a policy that defines for how long you're keeping data. When are you deleting it? As an example, if you're receiving job applications, you need to delete those applications six months after you've received them.
If you, of course, didn't hire that employee. So these are some of the core principles. Another thing is also data limitation. It means that you can't just get all the data in the world and store it and keep it. You're only allowed to have the data that is necessary. So back to the principle; data has to be on the core principle of the need to have a, not nice to have.