What are the rules?

In summary, there are six principles of the GDPR. These are that personal data must be:

  1. Processed lawfully, fairly and in a transparent manner
  2. Collected for specified, explicit and legitimate purposes
  3. Adequate, relevant and limited to what is necessary for the purpose of processing
  4. Accurate and up to date
  5. Not kept for longer than necessary
  6. Securely kept