GDPR has established six privacy principles to provide clear guidance. These form the fundamental conditions that all organisations must follow:

1. Only collect personal data that is relevant
2. Only collect minimal information on individuals
3. Periodically review the personal data you hold to make sure it is accurate and up to date
4. Put robust operational and technical safeguards in place to protect people’s personal data
5. Signpost people to the Information Commissioner’s Office for guidance about their rights
6. Never hold personal data any longer than you need to

As Sport:80 administrator you have access to PE members’ personal data. You must all ensure that personal data you process is :

• processed lawfully, fairly and in a transparent manner
• collected for specified, explicit and legitimate purposes
• adequate, relevant and limited to what is necessary
• accurate and up to date
• retained only for as long as necessary
• processed in an appropriate manner to maintain security.