GDPR has established six privacy principles to provide clear guidance. These form the fundamental conditions that all organisations must follow:
Only collect personal data that is relevant
Only collect minimal information on individuals
Periodically review the personal data you hold to make sure it is accurate and up to date
Put robust operational and technical safeguards in place to protect people’s personal data
Signpost people to the Information Commissioner’s Office for guidance about their rights
Never hold personal data any longer than you need to
As Sport:80 administrator you have access to PE members’ personal data. You must all ensure that personal data you process is :
processed lawfully, fairly and in a transparent manner
collected for specified, explicit and legitimate purposes
adequate, relevant and limited to what is necessary
accurate and up to date
retained only for as long as necessary
processed in an appropriate manner to maintain security.