GDPR important principles and requirements regarding the management of personal data:
Lawfulness, fairness, and transparency: personal data should be processed in a lawful, fair and transparent manner
Limited purpose: personal data should be collected for specified, explicit and legitimate purposes and not further processed in a way not compatible with those purposes
Data minimization: the collection of personal data should be limited and data collected must be relevant to accomplish a specific purpose
Accuracy: personal data stored and managed should be accurate and, where necessary, kept up to date
Storage limitation: personal data shouldn’t be kept for longer than is necessary for the purposes for which such personal data is processed
Confidentiality and integrity: personal data should be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures”