Principles of UK GDPR
Under UK GDPR, companies that control or process personal data must follow these principles:
- data processing must be lawful, fair and transparent
- data should only be collected for specific, explicit and legitimate purposes
- data collection should be limited to what is needed for the purpose for which it is processed
- data should be accurate. Every reasonable step should be taken to ensure data remains accurate
- data should not be kept for any longer than is needed for the purpose for which it is processed
- data should be processed securely and protected against unlawful processing
- the data controller must:
- take responsibility for what the company does with personal data
- be able to evidence the company has followed these principles