UK General Data Protection Regulation (UK GDPR)

The UK GDPR sets out the key principles, rights and obligations for most processing of personal data in the UK. It is the retained UK version of the EU GDPR, which applied directly in the UK until the end of the transition period on 31 December 2020; from 1 January 2021 the UK GDPR applies alongside the Data Protection Act 2018.

Key Principles of the UK GDPR

There are seven key principles at the heart of the UK GDPR. The first six are set out in Article 5(1); the seventh, accountability, is Article 5(2) and applies to all of the others.

Lawfulness, fairness and transparency

Personal data must be processed lawfully, fairly and in a transparent manner in relation to the data subject.

Purpose limitation

Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

Data minimisation

Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

Accuracy

Personal data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate are erased or rectified without delay.

Storage limitation

Personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

Integrity and confidentiality (security)

Personal data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. Article 32 expands on what "appropriate" means: measures proportionate to the risk, which may include pseudonymisation and encryption, the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems, the ability to restore access to personal data promptly after an incident, and regular testing of those measures.

Accountability

The controller is responsible for, and must be able to demonstrate, compliance with all of the principles listed above. In practice this means keeping evidence such as records of processing, documented policies and data protection impact assessments, rather than simply asserting compliance.
