Ignoring EU GDPR principles

A controller must ensure the processing of personal data complies with all six of the following general principles:

1. Lawfulness, fairness, and transparency - Personal data must be processed lawfully, fairly and in a transparent manner;

2. Purpose limitation - Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (with exceptions for public interest, scientific, historical or statistical purposes);

3. Data minimization - Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

4. Accuracy - Personal data must be accurate and, where necessary, kept up to date. Inaccurate personal data should be corrected or deleted;

5. Retention - Personal data should be kept in an identifiable format for no longer than is necessary (with exceptions for public interest, scientific, historical or statistical purposes); and

6. Integrity and confidentiality - Personal data should be kept secure.

If you want to find out more about the EU GDPR check out this EU GDPR Foundations Course (https://advisera.com/training/eu-gdpr-foundations-course//)