What are the rules?
In summary, there are six principles of the GDPR. These are that personal data must be:
- Processed lawfully, fairly and in a transparent manner
- Collected for specified, explicit and legitimate purposes
- Adequate, relevant and limited to what is necessary for the purpose of processing
- Accurate and up to date
- Not kept for longer than necessary
- Securely kept