Principle relating to the processing of personal data (Article 5 GDPR):
Processed lawfully, fairly and in a transparent manner.
Collected for a specified, explicit and legitimate purpose – so, unless an individual as agreed, it is unreasonable for a company to sell on data to a third party or promote another company’s goods and services.
Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
Accurate and, where necessary, kept up to date.
Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’)