2BAdviceAilance
0 Comments
5946 Views

Need-to-know principle

The Need-to-know principle (meaning: knowledge only if necessary), also known as the necessity principle, describes the fact that every employee in a responsible body only receives the information relevant to them that they need to fulfill their respective tasks. It therefore represents an important TOM for achieving an appropriate level of security (Art. 32 para. 1 GDPR), because this prevents the unnecessary dissemination of information and restricts access to it to the necessary minimum. The fewer people have access to certain personal data access (because they do not need it), the lower the risk of data breaches. The need-to-know principle is put into practice with the help of a user rights concept, for example.

Practical example

With the Processing of data, the company takes into account the principle of Need-to-know principleby collecting only necessary data and providing transparent information about its use.

Pay Transparency Directive and data protection: new requirements for companies

« Back to Glossary Index

2BAdviceAilance

administrator