Locked Doors, Not Open Windows: The GDPR Rule That Keeps Secrets Safe


Picture this: You walk into your office, swipe your ID, and the doors glide open. Except today, something’s off. Every file cabinet is open. Confidential folders are scattered across the floor. Sticky notes with passwords? Everywhere.
Would you sit down and start work like it’s just another Tuesday?
Of course not.
That’s the physical version of what poor data security looks like in the digital world. Enter Principle #6 of the GDPR: Integrity and Confidentiality, or as we like to call it—“The Keep-It-Safe Rule.”
So, What’s It Really About?
This principle is the GDPR’s way of saying:
👉 “If you’re going to collect people’s data, you’d better protect it like it’s treasure.”
It requires that personal data is processed in a manner that ensures:
- Integrity: The data must not be accidentally or maliciously altered or destroyed.
- Confidentiality: The data must be protected against unauthorized access or disclosure.
Put simply:
💡 Only the right people should access the right data at the right time—and no one else.
Why It Matters
Data isn’t just numbers—it’s identity. It’s someone’s health record, financial standing, location history, or private thoughts captured in a customer feedback form.
When a company mishandles it, they’re not just breaking a rule—they’re breaking trust. And as we all know, trust takes years to build and seconds to lose.
The Case Of The Curious Intern
Let’s say a new intern joins the HR team and, thanks to lax system permissions, gets access to all employee files—including salary details, medical reimbursements, and exit interview notes.
They weren’t trying to snoop. They just clicked around and found themselves in a folder they shouldn’t have been able to open.
That’s not just an “oops.” That’s a data breach. It doesn’t matter whether the intern meant harm or not. Under GDPR, lack of access control = lack of protection.
But It’s Not Just About Hackers
Yes, we hear about cyberattacks, ransomware, and phishing scams. But breaches also happen because of:
- Sending an email to the wrong person
- Forgetting to BCC a mailing list
- Leaving printed documents in a shared printer tray
- Using weak passwords or shared logins
The GDPR doesn’t just expect organizations to protect data from the “bad guys”—it wants them to guard against everyday carelessness.
Building Your Digital Lockbox
To comply with this principle, organizations need to:
- Encrypt personal data in transit and at rest
- Regularly audit access controls and permissions
- Train staff on data handling and confidentiality
- Have clear breach response procedures in place
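Here is what the “audit access controls and permissions” item looks like as an actual check, written for this post as an added example (it is not the author’s code, and GDPR prescribes no particular tool). It assumes a hypothetical role policy saying which folders each role may touch, a constructed ACL export with the curious intern from above in it, and a naming convention where shared logins start with “shared_”. Every grant outside the policy, and every shared account, is reported as a finding to review.

```python
"""Least-privilege audit over a constructed permission listing.

Added example: flags grants that the role policy does not allow and
shared accounts that defeat individual accountability.
"""
from dataclasses import dataclass

# Hypothetical role policy (assumption): folders each role is allowed to access.
ROLE_POLICY = {
    "hr_manager": {"employee_files", "salary", "medical_reimbursements", "exit_interviews"},
    "hr_intern": {"onboarding_templates"},
    "payroll": {"salary"},
}

# Constructed sample ACL export: (account, role, folder, permission).
# "intern01" is the curious intern: granted far more than the intern role allows.
SAMPLE_ACL = [
    ("a.kowalski", "hr_manager", "salary", "read"),
    ("intern01", "hr_intern", "onboarding_templates", "read"),
    ("intern01", "hr_intern", "salary", "read"),
    ("intern01", "hr_intern", "exit_interviews", "read"),
    ("shared_hr", "hr_intern", "employee_files", "write"),
    ("p.singh", "payroll", "salary", "write"),
]

SHARED_ACCOUNT_PREFIX = "shared_"  # hypothetical naming convention for shared logins


@dataclass(frozen=True)
class Finding:
    account: str
    role: str
    folder: str
    permission: str
    reason: str


def audit_acl(acl, policy=ROLE_POLICY):
    """Return a list of Findings for grants that violate least privilege."""
    findings = []
    for account, role, folder, permission in acl:
        allowed = policy.get(role)
        if allowed is None:
            # A role nobody defined a policy for is itself an audit finding.
            findings.append(Finding(account, role, folder, permission, "unknown role"))
        elif folder not in allowed:
            findings.append(Finding(account, role, folder, permission,
                                    "folder not permitted for role"))
        if account.startswith(SHARED_ACCOUNT_PREFIX):
            findings.append(Finding(account, role, folder, permission,
                                    "shared account, no individual accountability"))
    return findings


def accounts_to_review(acl, policy=ROLE_POLICY):
    """Distinct accounts that appear in at least one finding."""
    return sorted({f.account for f in audit_acl(acl, policy)})


if __name__ == "__main__":
    for finding in audit_acl(SAMPLE_ACL):
        print(f"{finding.account:<12} {finding.role:<11} {finding.folder:<22} "
              f"{finding.permission:<6} {finding.reason}")
```

Run against the sample listing, the audit reports the intern’s two out-of-policy folders and the shared HR login twice (once for the folder, once for being shared). In practice the ACL would come from an export of the file server or identity provider, and the findings would feed a regular review rather than a one-off script run.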
The Takeaway
If personal data were a diary, this principle is the lock you put on it.
It’s not about paranoia—it’s about respect. Respect for the people who trusted you with their information. Respect for boundaries. And respect for the idea that just because data can be accessed, doesn’t mean it should be.
So the next time someone asks for “just a quick look” at sensitive information, pause and ask:
“Should they? Should I?”
Because in the world of GDPR, curiosity without caution doesn’t just kill the cat—it opens the company up to serious consequences.