We are accountable for demonstrating compliance with GDPR’s six principles of processing personal data. These provide that personal data we deal with must be:
- processed fairly, lawfully and in a transparent manner;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- adequate, relevant and limited to what is necessary;
- accurate and, where necessary, kept up to date;
- not kept for longer than necessary; and
- processed securely, maintaining integrity and confidentiality.