• RMIGO home
• Records Management
• Freedom of Information
• Data Protection
  • What is personal data?
  • Principles
  • Privacy by design
  • Data Privacy Impact Assessments
  • Your information
  • Individuals' rights
  • Data security
  • Data breaches
  • Guidance
  • Training
  • Glossary
• ePrivacy
• Copyright
• University Archive
• Contact us

Data protection principles 

Under UK GDPR, personal data must be processed (e.g., collected, organised, altered, stored, used, shared, disposed of) in accordance with the data protection principles. The six principles are summarised below. 

Personal data must be: 

• processed fairly, lawfully and transparently;
• processed for specified, explicit and legitimate purposes; 
• adequate, relevant and limited to what is necessary; 
• accurate and, where necessary, kept up-to-date; 
• retained for no longer than necessary; and
• kept secure.       

In addition, the University must demonstrate accountability for its compliance with these principles.