GDPR
Main GDPR principles
The GDPR sets out the key principles that all personal data must be processed in line with.
Data must be:
-
processed lawfully, fairly and transparently
-
collected for specific, explicit and legitimate purposes; limited to what is necessary for the purposes for which it is processed
-
accurate and kept up to date; held securely
-
only retained for as long as is necessary for the reasons it was collected
There are also stronger rights for individuals regarding their own data.
The individual’s rights include:
-
to be informed about how their data is used
-
to have access to their data
-
to rectify incorrect information
-
to have their data erased
-
to restrict how their data is used
-
to move their data from one organisation to another
-
to object to their data being used at all