The UK General Data Protection Regulation states that personal data shall be:
- Processed lawfully, fairly, and in a transparent manner in relation to individuals. (lawfulness, fairness and transparency).
- Collected for specified, explicit and legitimate purposes and not further processed for other purposes incompatible with those initial purposes (purpose limitation).
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (data minimisation).
- Accurate and, where necessary, kept up to date.
- Kept in a form that permits identification of the data subjects for no longer than is necessary for the purposes for which the personal data are processed. We may store your personal data for longer periods, but we will ensure we have a legal purpose for this, such as for archiving purposes in the public interest, scientific, or historical research purposes. Or statistical purposes subject to implementation of appropriate technical and organisational measures required by the legislation in order to safeguard your rights (storage limitation).
- Processed in a way that ensures appropriate security of the personal data. This includes protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. (integrity and confidentiality).
- The controller shall be responsible for, and be able to demonstrate compliance with the principles (accountability).