GDPR has established six privacy principles to provide clear guidance. These form the fundamental conditions that all organisations must follow:
- Only collect personal data that is relevant
- Only collect minimal information on individuals
- Periodically review the personal data you hold to make sure it is accurate and up to date
- Put robust operational and technical safeguards in place to protect people’s personal data
- Signpost people to the Information Commissioner’s Office for guidance about their rights
- Never hold personal data any longer than you need to
As Sport:80 administrator you have access to PE members’ personal data. You must all ensure that personal data you process is :
- processed lawfully, fairly and in a transparent manner
- collected for specified, explicit and legitimate purposes
- adequate, relevant and limited to what is necessary
- accurate and up to date
- retained only for as long as necessary
- processed in an appropriate manner to maintain security.