General Data Protection Regulation
Organisations need to make sure their data collection practices don’t break the law and that they aren't hiding anything from data subjects
Organisations should only collect personal data for specific purpose and clearly state what that purpose is and only collect data for as long as necessary.
Organisations must only process the personal data that they need to achieve its processing purpose
The accuracy of personal data is integral to data protection. The GDPR states that "every reasonable step must be taken" to erase or rectify data that is inaccurate or incomplete.
Organisations need to delete personal data when it's no longer necessary.
The data must be processed in a manner that ensures appropriate security of the personal data
The UK data protection act refers to the domestic implementation of the EU GDPR.