Skip to main content Accessibility information

Data Protection Principles

The GDPR sets out seven principles for the lawful processing of personal data. Processing includes the collection, organisation, structuring, storage, alteration, consultation, use, communication, restriction, erasure or destruction of personal data. The seven principles are:

  • Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality
  • Accountability

Data controllers are responsible for complying with the principles of the regulations. Further details are available at the ICO