OneTrust Certified Privacy Professional 2025 – 400 Free Practice Questions to Pass the Exam

The principle that is not part of GDPR is centered around the concept of data usage for marketing without consent. GDPR emphasizes the necessity of obtaining valid consent from individuals before their personal data can be processed for marketing purposes. Consent must be freely given, specific, informed, and unambiguous, highlighting the importance of individual autonomy and control over personal data.

In contrast, the other options represent established principles of GDPR. Data minimization requires that organizations only collect data that is necessary for the intended purpose. Data storage limitation demands that personal data is kept only as long as necessary for the purposes for which it is processed. Integrity and confidentiality ensure that personal data is processed securely to prevent unauthorized access, loss, or damage. Each of these principles underlines the GDPR's overarching goal to enhance data protection and privacy for individuals.