How should a data management system be set up to mitigate risks?

First of all, it is important to establish a policy in line with the principles of the GDPR. These are listed in Article 5 GDPR. In particular, attention should be paid to:

  • Fair, transparent and lawful processing of data.
  • Purpose limitation: data is only used for the purpose for which the data was collected, and you keep track of these purposes per dataset.
  • Data minimisation: only relevant data needed for the purpose is saved.
  • Accuracy: make sure you can check whether data has changed and, if necessary, update it.
  • Storage limitation: only store personal data in identifiable form for as long as it is needed, and anonymise it as soon as possible when it is used for general purposes such as research and statistics.
  • Integrity and confidentiality: ensure clarity regarding who has access to what data and make sure that internal and external data security is in place.

For further explanation of these terms, please refer to the GDPR glossary.
