Data Protection Policy
4. Data protection principles
4. Data protection principles
4.1 Anyone processing personal data must comply with the six data protection principles set out in the GDPR. We are required to comply with these principles (summarized below), and show that we comply, in respect of any personal data that we deal with as a data controller.
4.1 Anyone processing personal data must comply with the six data protection principles set out in the GDPR. We are required to comply with these principles (summarized below), and show that we comply, in respect of any personal data that we deal with as a data controller.
4.2 Personal data should be:
4.2 Personal data should be:
- (a) processed fairly, lawfully and transparently;
- (b) collected for specified, explicit and legitimate purposes and not further processed in a way which is incompatible with those purposes;
- (c) adequate, relevant and limited to what is necessary for the purpose for which it is held;
- (d) accurate and, where necessary, kept up to date;
- (e) not kept longer than necessary; and
- (f) processed in a manner that ensures appropriate security of the personal data.
Click on the links below for other sections of the IAP Data Protection Policy:
Click on the links below for other sections of the IAP Data Protection Policy:
3. Definitions of data protection terms
5. Processing data fairly and lawfully
6. Processing data for the original purpose
7. Personal data should be adequate and accurate
8. Not retaining data longer than necessary
9. Rights of individuals under the GDPR
11. Transferring Data Outside the EEA