Further Reading: Principles of data protection

For processing of personal data to be lawful, Controllers must comply with the principles of data protection in that they must process with:

  1. Lawfulness, fairness and transparency meaning:
    • lawful – in accordance with the lawful bases as set out in Articles 6 – 10
    • fair- in the reasonable expectation of the individual
    • transparency – providing information in clear language, identifying the controller, the nature and purpose of the processing and how to exercise rights and freedoms
  2. Purpose limitation meaning:
    • only collect personal data for specified, explicit and legitimate purposes
    • no processing of personal data in a manner incompatible with purposes for which it was collected
  3. Data minimisation meaning personal data collected for the identified purpose should be:
    • adequate
    • relevant
    • limited to what is necessary
  4. Accuracy meaning personal data must be:
    • accurate and kept up to date
    • corrected or deleted without delay when inaccurate
  5. Storage limitation meaning that personal data should only be kept in an identifiable format for only as long as necessary for the purposed for which it was originally collected
  6. Integrity and Confidentiality meaning that the business or organisation must apply appropriate technical and [BIT OF TEXT MISSING FROM JANE’S SPREADSHEET]
  7. References:

    Article 5(1) to 10 and Recital (39) of the GDPR Articles 13 and 14 of the GDPR

    Article 29 Working Party Opinion on Transparency ((EU) 2016/679) revised in April 2018 https://ec.europa.eu/newsroom/article29/document.cfm?action=display&doc_id=51025 Article 29 Working Party Opinion 03/2013 on purpose limitation (WP 203)


    Expectation of privacy:

    ZXC v Bloomberg LLP [2020] EWCA Civ 611 paragraphs 82 and 84 Axel Springer v Germany [2012] EMLR 15ICO guidance on principles of data protection with links to further guidance https://ico.org.uk/for-organisations/guide-to-data-protection/