What are the basic processing principles under the GDPR?

  • Any processing of personal data must be lawful, fair and transparent.
  • Only collect personal data for specified, explicit and legitimate purposes. The processing of an individual’s data must be strictly limited to the purpose(s) initially established, and the data must therefore not be processed for subsequent or other purpose(s) that are incompatible with the initial purposes.
  • Only process personal data that is necessary and proportionate in light of the purpose envisaged.
  • All personal data you process must be accurate and kept up to date. Inaccurate personal data must be rectified or erased.
  • The storage of individuals’ personal data must be limited in time, in light of the purpose for which this data was collected and processed. As such, individuals’ personal data must be deleted or anonymised once this data is no longer necessary.
  • The processing of individuals’ data must be done in a secure way. In this sense, robust cybersecurity controls must be put in place to ensure that individuals’ data is adequately protected.

Finally, the controller is accountable. This means it is responsible for and must be able to demonstrate compliance with the principles above.

 
