General Data Protection Regulation
Cards (7)
- Lawfulness, fairness and transparency - data should be processed lawfully, fairly and in a transparent manner in relation to the individuals to whom the data relates
- Purpose limitation - data should be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
- data minimisation - data should be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
- Accuracy - data should be error-free and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate is updated or deleted without delay
- Storage limitation - data should be kept in a form that permits identification of data subjects for no longer than is necessary for the purposed for which the personal data are processed
- Integrity and confidentiality - data should be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss or destruction
- Accountability - this requires the organisation to take responsibility for what they do with personal data and how they comply with the other principles