Data protection principles
Under UK GDPR, personal data must be processed (e.g., collected, organised, altered, stored, used, shared) in accordance with data protection principles. The six principles are summarised below:
Personal data must be:
- processed fairly, lawfully and transparently;
- processed for specified, explicit and legitimate purposes;
- adequate, relevant and limited to what is necessary;
- accurate and, where necessary, kept up-to-date;
- retained for no longer than necessary;
- kept secure.