Data protection principles

The data protection principles must always be observed when processing personal data. The controller must also be able to demonstrate the effective implementation of the data protection principles in the processing of personal data.

The data-protection principles state that personal data must be

  • processed lawfully, fairly and in a transparent manner in relation to the data subject;
  • collected and processed for a specific and lawful purpose;
  • collected only to the amount necessary with regard to the purpose of the processing;
  • updated when required ‒ inaccurate personal data must be erased or rectified without delay;
  • kept in a form which only permits the identification of data subjects for as long as is necessary for the purposes of processing the personal data; and
  • processed confidentially and securely.

All activities involving personal data, from the planning of processing to the collection, processing and erasure of personal data, constitute processing of personal data. The data protection principles must be adhered to for the entire duration of processing.

More information on the data protection principles is available from the links below.

Read more about demonstrating your compliance with data protection regulations