Skip to main content

Data Protection Principles

Under the GDPR there are six data protection principles. A data controller must comply with all six general principles when processing personal data:

  1. Lawfulness, fairness and transparency - Personal data must be processed lawfully, fairly and in a transparent manner.
  2. Purpose limitation - Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (with exceptions for public interest, scientific, historical or statistical purposes).
  3. Data minimisation - Personal data must be adequate, relevant and limited to what is necessary in relation to purposes for which they are processed.
  4. Accuracy - Personal data must be accurate and, where necessary, kept up to date. Inaccurate personal data should be corrected or deleted.
  5. Retention - Personal data should be kept in an identifiable format for no longer than is necessary (with exceptions for public interest, scientific, historical or statistical purposes).
  6. Integrity and confidentiality - Personal data must be kept securely.