The Principles of GDPR

Lawfulness, fairness and transparency

Personal data should be processed lawfully, fairly and in a transparent manner in relation to individuals;

Purpose limitation

Data should be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;

Data minimisation

The data processed should be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;


The data should be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which they are processed, is erased or rectified without delay;

Storage limitation

Data should be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed;

Integrity and confidentiality

Data should be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.