The GDPR sets out seven principles for the lawful processing of personal data. Processing includes the collection, organisation, structuring, storage, alteration, consultation, use, communication, restriction, erasure or destruction of personal data. The seven principles are:
Data controllers are responsible for complying with the principles of the regulations. Further details are available at the ICO https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/principles/
