21


        A company or organisation must adhere to several key principles relating to GDPR:


        • Personal data must be processed lawfully, in accordance with the processing principle - lawfulness,
        fairness and transparency


        • The undertaking must specify the purposes for which the personal data are processed


        • The company has the right to process only necessary personal data


        • It may not use the personal data for any other purpose than that initially stated


        • Each company has a duty to assure customers that personal data will be kept for a certain period of time










































        4.4 Personal Data protection – good practices


        Good practice 1 – OneTrust


        OneTrust is a Privact Management Software, which will help you to understand how data is flowing
        through your organization. It allows everyone to see what the data life cycle looks like, as well as follow
        recommendations and identify any gaps.   1










        1       https://info.onetrust.com/data-mapping-ebook?utm_source=google&utm_medium=cpc&utm_content={AdGro-
        up}&utm_term=Data%20protection%20tool&utm_campaign=OT-PRIV-T1%20-%20UK%20-%20Marketing&gclid=Cj0KCQjwupD-
        4BRD4ARIsABJMmZ8b4O8y4xERvrSfb1xdaz-GI9IplLuZFIYBH2dN0irqtfju-5bWG6caAhMmEALw_wcB