GDPR PRINCIPLES

As the data controller, we must be accountable and keep records evidencing our compliance with the following principles. Such record keeping would include the logging of any new system onto our Information Asset Register.

1. Lawfulness, Fairness and Transparency

Personal data can only be processed if there is a lawful reason for doing so. The processing must be fair to the data subject, and you must be fully transparent with the data subject as to why you are collecting their data and how it is going to be used and shared.

2. Purpose Limitation

Data should only be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes, although further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes is permitted in certain circumstances.

3. Data Minimisation

Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.

4. Accuracy

Personal data must be accurate and, where necessary, kept up to date. Where personal data is inaccurate, every reasonable step should be taken to enable its deletion (where appropriate) or correction without delay.

5. Storage Limitation

Personal data must be kept in a form that permits the identification of data subjects for no longer than is necessary. Such personal data can be stored for longer periods for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in certain circumstances and subject to the implementation of the appropriate technical and organisational measures.

6. Integrity and Confidentiality

Personal data must be processed in an appropriately secure manner, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, by the use of appropriate technical or organisational measures.