What it Means
Under GDPR, the specific purposes for processing personal data must be identified and subsequently documented. Such a purpose must ensure that personal data Is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Organisations must also make sure to implement measures to restrict further processing beyond the specified purpose.
Lawful, Fair and Transparent Processing
Purpose Limitation
Data Minimisation
Data Accuracy
Storage Limitation
Integrity and Confidentiality
Accountability
