GDPR data protection principles
The principles of data protection under the GDPR are similar to those under the DPA, but include some extra detail. In summary, these are that personal data shall be:
- processed in a lawful, fair and transparent manner
- collected for specified, explicit and legitimate purposes, and that there will be no further processing that is incompatible with those purposes (there are some exceptions to this for processing for research, statistical or archiving purposes)
- adequate, relevant and limited to what is necessary
- accurate and kept up to date
- kept in a form allowing identification of data subjects for no longer than is necessary (there are some exceptions to this for processing for research, statistical or archiving purposes)
- processed in a secure manner
Also see the ICO’s webpage on GDPR data protection principles, and Article 5 of the GDPR.