The GDPR requires that personal data must be:

  • Processed lawfully, fairly and in a transparent manner
  • Collected for specified, explicit and legitimate purposes
  • Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed
  • Accurate and kept up to date (inaccurate personal data must be erased or rectified without delay)
  • Kept in a form which permits identification of data subjects for no longer than is necessary
  • Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.

Fundamental principles of Data Protection