• RMIGO home
• Records Management
• Freedom of Information
• Data Protection
  • What is personal data?
  • Principles
  • Privacy by design
  • Data Privacy Impact Assessments
  • Your information
  • Individuals' rights
  • Data security
  • Data breaches
  • Guidance
  • Training
  • Glossary
  • External resources
• ePrivacy
• Copyright
• University Archive
• Contact us

Data protection principles 

Under UK GDPR, personal data must be processed (e.g., collected, organised, altered, stored, used, shared) in accordance with data protection principles. The six principles are summarised below: 

Personal data must be: 

• processed fairly, lawfully and transparently;
• processed for specified, explicit and legitimate purposes; 
• adequate, relevant and limited to what is necessary; 
• accurate and, where necessary, kept up-to-date; 
• retained for no longer than necessary; 
• kept secure.