Accessibility statement

Data protection principles 

Under UK GDPR, personal data must be processed (e.g., collected, organised, altered, stored, used, shared) in accordance with data protection principles. The six principles are summarised below: 

Personal data must be: 

  • processed fairly, lawfully and transparently;
  • processed for specified, explicit and legitimate purposes; 
  • adequate, relevant and limited to what is necessary; 
  • accurate and, where necessary, kept up-to-date; 
  • retained for no longer than necessary; 
  • kept secure.