Organisations should only process personal data lawfully and in a fair way. People must be told very clearly what the organisation intends to do with the personal data collected.
PurposeLimitation
Personal data should be collected for specific, explicit and legitimatepurposes, which is clearly told to the datasubject. The personal data cannot be used for any other purpose.
DataMinimisation
Personal data should be adequate, relevant and limited to what is needed.
Accuracy
Personal data must be accurate, and where necessary, kept uptodate. Reasonable steps should be taken to rectify any data that is found to be inaccurate.
StorageLimitation
Personal data should not be kept for any longer than necessary for the purpose it was collected for. When notneeded it must be disposed of securely.
Integrity and Confidentiality
Personal data must be protected against unauthorisedaccess, accidentalloss,destruction or damage. Both physical and technicalcontrols should be used as appropriate.
