- Lawfulness, transparency and good faith: Data processing must not break the law and the data subject must expect such processing to take place.
- Purpose: Data must be processed only for the purposes that are defined in advance and evident at the time of collection.
- Proportionality: The data processed must be limited to what is suitable and objectively necessary to achieve the purpose.
- Correctness: The data controller must ensure that the processed data is correct.
- Limitation on storage: The data may not be kept for any longer than is necessary for the purposes.
- Security: The security of the data must be ensured through technical and organisational measures.