Storage Limitation

The storage limitation principle specifies that personal data shall be kept in a form which permits identification of the data subject for no longer than is necessary. This means that we should consider how long data must be retained in its current state, which would in turn translate into our data retention schedule.  It is […]


The accuracy principle specifies that personal data shall be accurate and, where necessary, kept up to date. This means that we should endeavour to keep personal data up to date as this supports our ability to provide services based upon current data.  Clearly there is a dependency on maintaining a relationship with a source of […]


The minimisation principle specifies that personal data shall be adequate, relevant and limited to what is necessary in relation to the purpose of the processing. This means that we should only collect the personal information that we need to meet the purpose of the processing.  Collection of too much personal data and too little […]

Data Protection Principles

The principles relating to the processing of personal data are laid out within the data protection legislation and they form the backbone of the requirements for any organisation processing personal data.  Failure to implement the principles throughout the organisation is deemed to be a significant breach of the regulation and could attract the highest level […]

Purpose Limitation

The purpose limitation principle specifies that personal data shall be collected for specific, explicit and legitimate purposes.  This means that personal data should only be collected if it relates to the purpose of the processing that we need it for and that we cannot then decide to use this personal data for a further purpose. […]


In order for personal data to be processed in a transparent manner we must be sure that we have informed the data subject of how their data is processed, the parties it is shared with, how long their data is retained and any transfers of their personal data to a third country. Under normal circumstance […]

Lawful basis

In order for personal data to be processed lawfully, it must be processed according to a specific lawful basis.  Personal data should only be processed if at least one of the following applies: the data subject has provided consent for the processing of the personal data for specific purposes; the processing is necessary for the […]

Data Processor

A data processor is any person, authority, organisation or other body which processes data on behalf of a data controller.  A data processor has many obligations in ensuring that the personal data being processed is afforded the same protections as if it were being processed by the controller; therefore the controller is required to ensure: […]

Data Controller

A data controller is any person, authority, organisation or other body which either on its own or jointly with another party determines the purposes and means of processing personal data.  In simple terms, the controller is responsible for ensuring the control of the personal data.

Relationships with Data Processors

When a controller passes on responsibility […]

Data Processor Security Assessment

Organisations must ensure that personal data remains secure regardless of whether data is processed internally or by a separate data processor.  Where a data processor is engaged it is important that the data controller can be assured that the personal data remains secure.  A data controller can gain this assurance through the contract with the […]